Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

Security Awareness

SA Password Authentication

The course teaches employees essential password practices, how to use password managers, and why multi‑factor and single sign‑on authentication protect both personal and corporate data.

Who Should Take This

All staff members who regularly access company systems, regardless of technical background, benefit from this awareness training. It is designed for employees at any level—from entry‑level to senior management—who want to adopt secure password habits, correctly enable MFA, and understand authentication risks that could affect both personal and organizational assets.

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

62 learning goals
1 Password Fundamentals
2 topics

Why passwords matter

  • Recognize that passwords are the primary barrier protecting corporate accounts, systems, and data from unauthorized access by external attackers and malicious insiders.
  • Explain how compromised passwords lead to data breaches, unauthorized access to corporate systems, identity theft, and financial fraud affecting both the organization and the individual.
  • Describe how attackers obtain passwords through methods including phishing, credential stuffing from data breaches, brute force attacks, dictionary attacks, and social engineering.
  • Recognize how data breach password dumps are sold on the dark web and used in credential stuffing attacks that automatically test stolen passwords across thousands of websites.
  • Describe the concept of password spraying, where attackers try a small number of commonly used passwords against many accounts to avoid lockout thresholds.

Creating strong passwords

  • Explain why password length is more important than complexity and how each additional character exponentially increases the time required for brute force attacks.
  • Recognize weak password patterns that attackers target first including dictionary words, personal information, keyboard walks, common substitutions, and previously breached passwords.
  • Describe how to create strong passphrases using multiple unrelated words that are easy to remember but difficult to guess, providing both length and memorability advantages over traditional passwords.
  • Explain why every account should have a unique password so that a breach of one service does not compromise all other accounts through credential reuse.
  • Describe the organization's password policy requirements including minimum length, complexity rules, expiration intervals, and prohibited password patterns.
  • Recognize the risks of security questions based on publicly available personal information such as mother's maiden name, high school, or first pet.
  • Explain why periodic password changes are less effective than using strong, unique passwords with MFA and why modern security guidance favors length over forced rotation.
2 Password Managers
2 topics

Understanding password managers

  • Explain how password managers securely store unique, strong passwords for every account so employees do not need to memorize or write down multiple complex passwords.
  • Describe the benefits of using the organization's approved password manager including automatic password generation, secure storage, cross-device synchronization, and breach alerts.
  • Explain the critical importance of the master password for the password manager and why it must be the strongest password the employee creates, ideally a long passphrase with MFA enabled.
  • Describe why only organization-approved password managers should be used for corporate credentials and why browser-only password storage may not meet security requirements.
  • Recognize the risks of using browser-based password storage without a dedicated password manager, including lack of encryption, no cross-device sync security, and vulnerability to browser exploits.

Using password managers effectively

  • Describe how to use the password manager's password generator to create strong, unique passwords for each new account and when rotating existing passwords.
  • Explain how to securely share passwords with authorized colleagues using the password manager's secure sharing feature rather than sending credentials via email, chat, or text.
  • Describe how password manager breach alerts notify users when stored credentials appear in known data breaches and the importance of changing affected passwords immediately.
  • Explain the importance of keeping the password manager application updated and locked when not in use to prevent unauthorized access to the stored credential vault.
  • Explain how password managers detect weak, reused, and compromised passwords across all stored accounts and why acting on these alerts reduces breach risk.
  • Describe the process for migrating existing passwords from browser storage or spreadsheets into the organization's approved password manager.
3 Multi-Factor Authentication
2 topics

Understanding MFA

  • Recognize multi-factor authentication as a security method that requires two or more verification factors from different categories: something you know, something you have, and something you are.
  • Explain why MFA dramatically reduces the risk of account compromise because an attacker who obtains a password still cannot access the account without the second factor.
  • Describe common MFA methods including authenticator apps generating time-based codes, push notifications, SMS codes, hardware security keys, and biometric verification.
  • Explain the relative security strengths of different MFA methods, with hardware keys and authenticator apps being more secure than SMS codes, which are vulnerable to SIM swapping.
  • Recognize number matching and location verification as MFA enhancements that prevent push notification fatigue attacks by requiring the user to confirm contextual information.
  • Describe how passkeys work as a passwordless authentication method that uses public-key cryptography stored on your device, eliminating phishing risk entirely.

Using MFA effectively

  • Describe how to set up and use authenticator apps such as Microsoft Authenticator or Google Authenticator to generate time-based one-time passwords for corporate accounts.
  • Describe how hardware security keys work by requiring physical possession of the key to authenticate, providing strong phishing-resistant MFA protection.
  • Explain the importance of registering backup MFA methods and securely storing recovery codes in case the primary MFA device is lost, stolen, or damaged.
  • Recognize MFA fatigue attacks where attackers repeatedly trigger push notifications hoping the user will approve one to stop the notifications, and explain why unexpected MFA prompts should be denied and reported.
  • Explain how biometric authentication including fingerprint sensors and facial recognition provides convenience and security but should be used in combination with other factors rather than as a sole authentication method.
  • Explain the risks of using a single phone for both MFA and primary authentication, and why having a backup authentication method on a separate device improves resilience.
4 Single Sign-On and Corporate Authentication
2 topics

Understanding SSO

  • Explain how single sign-on allows employees to access multiple corporate applications by authenticating once rather than maintaining separate credentials for each system.
  • Explain why SSO credentials are extremely high-value targets because compromising one SSO password potentially grants access to every application the employee uses.
  • Describe why SSO accounts must always be protected with strong passwords and MFA, and why SSO passwords should never be reused for personal accounts.
  • Recognize that phishing pages targeting SSO credentials are designed to look identical to legitimate login pages and explain how to verify the authenticity of login pages.

Corporate authentication practices

  • Explain why corporate login pages should be accessed by typing the URL directly or using bookmarks rather than clicking links in emails to avoid credential phishing attacks.
  • Describe the importance of logging out of corporate applications on shared or public devices and not saving credentials in browsers on non-corporate machines.
  • Explain why employees should never share their corporate credentials with colleagues even temporarily, and that shared accounts undermine individual accountability and access auditing.
  • Describe secure password reset procedures including verifying reset requests through official channels and recognizing that unsolicited password reset emails or calls may be phishing attempts.
  • Analyze a scenario where an employee receives an unsolicited password reset email, determine whether it is a phishing attempt or a legitimate notification, and identify the correct response.
  • Explain why employees should immediately report any unauthorized password changes or MFA enrollment modifications they did not initiate as potential account compromise indicators.
5 Session and Device Security
2 topics

Session management awareness

  • Explain why locking your workstation when leaving your desk even briefly prevents unauthorized access to open sessions and applications containing sensitive data.
  • Describe the risks of staying logged into corporate applications on personal devices and the importance of using corporate-managed devices for accessing sensitive systems.
  • Explain why using public Wi-Fi for corporate access without a VPN exposes credentials and session tokens to interception and why employees should use corporate VPN or mobile hotspots.
  • Describe the risks of session hijacking on public Wi-Fi where attackers intercept authentication cookies and tokens to access accounts without needing the password.
  • Recognize the importance of reviewing active sessions in corporate applications periodically and terminating sessions on devices you no longer use.

Credential sharing risks

  • Recognize common credential sharing scenarios that violate policy including sharing passwords via email, sticky notes, chat messages, and verbally conveying credentials over the phone.
  • Explain why IT support and legitimate service providers will never ask for your password and that any such request should be treated as a social engineering attempt and reported.
  • Describe the authorized procedure for sharing access to resources when a colleague needs it, using delegated access, shared mailboxes, or IT-provisioned service accounts rather than personal credential sharing.
  • Analyze a credential sharing scenario where a team shares a service account password and determine the security risks and recommend proper alternatives.
6 Scenario Analysis and Best Practices
2 topics

Analyzing authentication scenarios

  • Analyze a credential compromise scenario to identify the password weakness exploited, determine what MFA protections were missing, and recommend corrective actions.
  • Analyze a credential phishing scenario to identify the red flags that should have alerted the employee and determine which authentication practices could have prevented the compromise.
  • Analyze a credential sharing scenario to identify the policy violations, assess the potential impact of the shared credentials being misused, and recommend process improvements.
  • Analyze an MFA bypass scenario to identify how the attacker circumvented the second factor and recommend stronger MFA methods and user behaviors to prevent similar attacks.
  • Analyze an MFA fatigue attack scenario where an employee approved a push notification to stop repeated prompts and determine what went wrong and how to prevent recurrence.

Personal authentication security plan

  • Synthesize a personal authentication security plan incorporating password manager adoption, unique passwords for every account, MFA enrollment, and secure session practices.
  • Synthesize an authentication security audit checklist for evaluating personal credential hygiene including password uniqueness, MFA coverage, password manager usage, and recovery code storage.
  • Synthesize recommendations for improving a team's authentication practices by addressing common weaknesses in password hygiene, MFA adoption, and credential sharing habits.

Scope

Included Topics

  • Password hygiene fundamentals: creating strong passwords, understanding password length versus complexity, avoiding common password patterns, and the risks of password reuse across personal and corporate accounts.
  • Password management tools: using corporate-approved password managers, generating strong unique passwords, securely sharing credentials when necessary, and understanding master password security.
  • Passphrases as an alternative to traditional passwords: creating memorable yet strong passphrases, understanding why length matters more than complexity, and using passphrases where password managers are not practical.
  • Multi-factor authentication (MFA): understanding the three factors (something you know, have, are), setting up authenticator apps, using hardware security keys, and understanding biometric authentication.
  • Single sign-on (SSO) awareness: understanding how SSO works, why SSO credentials are high-value targets, and the importance of protecting SSO passwords with strong credentials and MFA.
  • Credential security practices: not sharing passwords, not writing passwords on sticky notes, recognizing credential phishing, handling password reset requests securely, and proper session management including logging out of shared devices.

Not Covered

  • Technical implementation of authentication protocols such as SAML, OAuth 2.0, OpenID Connect, Kerberos, and LDAP configuration.
  • Password hashing algorithms, salting techniques, and cryptographic key derivation functions.
  • Active Directory administration, identity provider configuration, and access management platform deployment.
  • Biometric system engineering, false acceptance and rejection rate optimization, and hardware security key infrastructure setup.
