https://www.bleepingcomputer.com/news/security/the-password-attacks-of-2023-lessons-learned-and-next-steps/ > It should take more than eight characters to bring a business to a halt. However, the relentless onslaught of password-based cyber attacks underscores the alarming ease with which cybercriminals can exploit vulnerable credentials to inflict damage. > Password attacks take many forms: from phishing schemes that dupe employees into handing over their login information, to underground markets where bad actors can sell or purchase stolen credentials.