Field Note 04
Shared secrets stop being controlled the moment they hit chat
When a team password leaves a vault and enters screenshots, docs, or messages, control and revocation immediately get harder.
Read articleJournal
Field Notes
A running journal for password and identity defense. These notes are opinionated, tactical, and focused on what actually changes compromise probability for real users and teams.
Field Note 05
Credential stuffing is still boring and effective
Attackers do not need novel techniques when reused passwords keep working against enough accounts to make the math worthwhile.
Read articleField Note 06
How to decide when a password needs immediate retirement
Breach notices, device loss, suspicious MFA prompts, and helpdesk recovery changes are all stronger indicators than vague anxiety about complexity.
Read articleEditorial Direction
Practical security over abstract advice
The journal is where longer-form thinking lives: rollout strategy, human behavior, team workflows, and the controls that still fail even after people pick stronger passwords.
Best Companion
Use the journal with the tools
Articles tell you what to change. The forge and audit pages let you act on it immediately by replacing weak credentials and inspecting old patterns.