Episode 24 — Password Policy, MFA, and Credential Hygiene
Credentials remain the front door to most systems, and this episode explores how to secure them with modern best practices. We unpack how password guidance has evolved from complexity requirements toward length, uniqueness, and resistance to reuse. You’ll learn how to apply standards from NIST and major vendors to craft policies that balance user convenience with defense against brute force and phishing. The episode also introduces multi-factor authentication (MFA) as a practical safeguard, explaining how factors like TOTP, push approvals, and hardware keys differ in security strength and usability.
In the second half, listeners will learn what credential hygiene means in practice—avoiding password reuse across systems, protecting recovery methods, and storing secrets securely using password managers or enterprise vaults. We discuss common attack vectors like credential stuffing, MFA fatigue, and social engineering, along with the mitigations that work best. By tying these examples back to GSEC exam domains, the episode reinforces the habits that translate directly from study materials to everyday defense. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.
