A article by cybersecurity expert Troy Hunt observes that intrusions into networks and systems are often made possible by employees’ poor choice of passwords at the targeted organization, rather than the sophisticated exploit of vulnerable code often suggested when attacks are disclosed. Troy notes that the tendency today is to imply that there is no responsibility on behalf of the victim. While he acknowledges the attacker is foremost to blame, he also points to the culpability that must be assigned to organizations for not implementing and enforcing appropriate password policies and to individuals for not following these policies and not applying widely understood best practices. The article concludes with a brief mention of some of the tools and resources available to help encourage adoption of these practices, which include utilizing a password manager. For more information on best practices, see the NCCIC’s Creating and Managing Strong Passwords webpage. Troy Hunt.