Resources

Field Resources

Reference material for day-to-day account defense: what to harden first, where passkeys give the biggest payoff, and how to review recovery paths before they become the weakest link.

Open Checklist Audit a Password

Immediate Actions

Account hardening checklist

Use a dedicated password manager for unique credentials.
Enable MFA on email, banking, source code, and cloud accounts first.
Prefer passkeys where available, especially on primary identity accounts.
Store backup codes offline in a controlled location.
Audit old accounts and rotate reused credentials after any breach.
Never share one family or team password across unrelated systems.

Threat Model

Where passwords still fail

Even a strong password loses if the reset path is weak, the device is compromised, or phishing captures a live session. Password defense works best as part of a layered identity strategy.

Reuse Phishing SIM swap Credential stuffing Weak recovery Shared secrets

Operational Collections

Collection

Daily Operator Checklist

Review your password manager for reused or weak entries.
Rotate credentials after breach notifications or device loss.
Keep one offline copy of recovery codes for critical services.
Separate personal, family, and work vaults where practical.

Collection

Passkey Migration Targets

Primary email provider
Banking and payment apps
Cloud platforms and admin portals
Git hosting and developer tooling

Collection

Recovery Path Review

Check backup email ownership and MFA status.
Verify mobile carrier protections to reduce SIM swap risk.
Remove stale recovery methods from old devices or numbers.
Store emergency access instructions where trusted people can find them.