Bankinfosecurity.com reported that “Troy Hunt, a security expert who runs the Have I Been Pwned data breach notification service, has an idea to help organizations prevent people continuing to use their own compromised passwords or selecting ones that have been leaked.” The August 3, 2017 report entitled “Here Are 306 Million Passwords You Should Never Use” recommend that “two-factor authentication can block the recycling of known credentials” but “its use is still far from widespread” and that:
…ultimately no good defense against a hacker who has valid user credentials.
The password problem does not appear to be getting better, so businesses need to migrate to two-factor authentication ASAP.