Welcome to the 9th episode of our Security Culture Campaign! On today’s show Matt Konda talks passwords and password managers.

The first thing to know is that weak passwords are often the easiest way to get access to information.


  • Choose really simple passwords, like password or abcd1234
  • When special characters are required, tend to use something like P@ssword1
  • Use surprisingly easy to guess formats like CompanyYear!
  • Reuse passwords across different websites

When we do pen testing, guessing passwords is a surprisingly effective way to get access to a system!

We’ve worked with clients where we’ve seen an adversary running a botnet with 100,000 computers slowly but consistently testing passwords one by one gleaned from, for example, the billion user Yahoo! data breach. So this is very real.

Read more on the blog.

Click here for the associated YouTube video.

The Jemurai Security Culture Campaign Series is a stream of topical content released every Thursday intended to help developers think about security in a particular area. The content will be available in associated videos, podcasts and blog posts.

Click here to request a topic.

Matt Konda

Matt is a software engineer. He's our CEO and former Chair & OWASP Board Member.