Marcus White

Deployment

Security

Technical

Marcus is a Specops cybersecurity specialist based in the UK, with 8+ years experience in the tech and cyber sectors. He writes about authentication, password security, password management, and compliance.

Articles written by Marcus White

Apr

30

M&S ransomware hack: Active Directory security lessons

M&S (Marks and Spencers) are a cornerstone of British retail with over 64,000 employees – so it was a shock for many to see them laid low by a ransomware attack in April 2025. The retail giant fell victim to…
Read More
Apr

29

Could the Spain and Portugal blackout have been a cyber-attack?

‘Cyber-attack’ was the phrase on many people’s minds when large parts of Spain and Portugal were recently plunged into a blackout. Authorities are investigating the root cause, with early reports suggesting a technical malfunction caused by a ‘rare atmospheric phenomenon’.…
Read More
Apr

28

Passkeys: Benefits, limitations, and will they replace passwords?

Major tech companies like Apple, Google, and Microsoft are actively supporting passkeys, and many popular websites and apps are beginning to adopt them. According to the FIDO Alliance, more than one billion people worldwide have now created at least one…
Read More
Apr

22

Behavioral biometric authentication: Could it replace passwords?

Most people are pretty familiar with biometrics at this point. You scan your thumbprint, iris, or face as a way of identifying yourself and accessing a device or application. It’s a simple but effective way to add an extra security…
Read More
Apr

15

Password spraying: Attack guide and prevention tips

The phrase ‘spray and pray’ likely came from the military, used to describe inaccurately firing automatic weapons in the hope that one shot eventually found its mark. It’s now used to describe any scenario where a strategy relies on the…
Read More
Apr

08

AI vishing: Mastering the art of voice deception

Picture an Italian entrepreneur receiving a phone call from their country’s Defense Minister, Guido Crosetto. The politician has an important but challenging ask – he needs the wealthy individual to wire around €1 million to a Hong Kong-based bank account,…
Read More
Apr

01

Post-quantum cryptography: Password security in the quantum era

Quantum mechanics is the study of physics at the level of incredibly small things – smaller than atoms. Anyone who’s looked into theories like wave-particle duality and entanglement, knows things can get confusing (and weird) very quickly. But it’s not…
Read More
Mar

27

ALIEN TXTBASE data-dump analysis: Dangerous or junk?

Specops researchers have been digging into the ALIEN TXTBASE data-dump, which was recently merged into the HaveIBeenPwned (HIBP) dataset by Troy Hunt. After some analysis of the over 200 million passwords in this dataset, we estimate about 20 million are…
Read More
Mar

26

NYDFS Cybersecurity Regulation: Up-to-date compliance guidance

The stakes are high when it comes to cybersecurity in the financial sector. Financial organizations house a lot of sensitive customer data, including login credentials, personally identifiable information (PII), and banking details. The New York State Department of Financial Services…
Read More
Mar

24

MFA alone isn’t enough: Protect both passwords and the logon

Any system secured behind just a username and password is asking for trouble. Research from Microsoft estimates that over 99% of account takeover attacks can be stopped if the end user has multi-factor authentication (MFA) enabled. MFA is pretty much…
Read More