Facebook took an interesting approach that other security professionals need to consider adopting in their organizations. Facebook checked existing user accounts against the breached passwords and locked out accounts using compromised passwords. Attackers seek credentials (the username and password) to get access to those systems and the information they process and store. The real weak link is organizations failing to properly implement, maintain, and protect the most common common means of authentication. We have to reverse more than two-decades of poor explanations and chiding. Run the list. Then how do we improve authentication authentication?”]