{"id":9691,"date":"2026-05-28T08:54:11","date_gmt":"2026-05-28T06:54:11","guid":{"rendered":"https:\/\/www.htt.it\/?p=9691"},"modified":"2026-05-29T15:50:12","modified_gmt":"2026-05-29T13:50:12","slug":"secure-passwords-2fa-practical-guide","status":"publish","type":"post","link":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/","title":{"rendered":"Secure passwords and 2FA: practical guide"},"content":{"rendered":"\n<!-- SECTION -->\n<section  class=\"   whitesection\" style=\"\">\n    <div class=\"testo-colonna-centrale htt-generic-text\">\n        <div class=\"htt-container\">\n            <article class=\"htt-article htt-article--password-2fa\" role=\"article\" aria-labelledby=\"main-title\" aria-describedby=\"article-intro\">\n<header class=\"htt-article__header\" role=\"banner\">\n<p class=\"htt-article__eyebrow\">Cybersecurity &amp; access management<\/p>\n<h2 id=\"main-title\">Secure passwords and 2FA: how to protect accounts, users and systems<\/h2>\n<p id=\"article-intro\" class=\"intro-text\"><strong>Passwords are not an outdated topic<\/strong>. Even today, they remain one of the most sensitive points in the security of accounts, services and infrastructures. 
The issue, however, is no longer solved with rigid rules or mandatory password changes every month, but with a more mature approach: long, unique passwords, supported by password managers and strengthened, where possible, by two-factor authentication.<\/p>\n<\/header>\n<section class=\"htt-answer-first\" aria-labelledby=\"quick-answer\">\n<h3 id=\"quick-answer\">In short<\/h3>\n<p>A secure password today is long, unique and random.<br \/>\nIt should be managed with a password manager and, where possible, protected by two-factor authentication (2FA), passkeys or hardware keys.<br \/>\nThis approach reduces phishing, credential stuffing and unauthorized access.<\/p>\n<\/section>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-9342\" src=\"https:\/\/www.htt.it\/wp-content\/uploads\/2026\/05\/password-sicure-2fa-passkey-password-manager-aziende-1024x572.webp\" alt=\"Modern authentication with fingerprint, passkeys, FIDO2 hardware keys and passwordless access systems in a secure cloud environment.\" width=\"1024\" height=\"572\" srcset=\"https:\/\/www.htt.it\/wp-content\/uploads\/2026\/05\/password-sicure-2fa-passkey-password-manager-aziende-1024x572.webp 1024w, https:\/\/www.htt.it\/wp-content\/uploads\/2026\/05\/password-sicure-2fa-passkey-password-manager-aziende-300x167.webp 300w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<nav class=\"htt-article__toc\" aria-label=\"Article index\"><strong>Index<\/strong><\/p>\n<ol>\n<li><a href=\"#why-it-matters\">Why is password security increasingly important?<\/a><\/li>\n<li><a href=\"#how-to-do-it\">How do you build a strong password today?<\/a><\/li>\n<li><a href=\"#common-mistakes\">The most common mistakes to avoid<\/a><\/li>\n<li><a href=\"#2fa\">Why has 2FA become so important?<\/a><\/li>\n<li><a href=\"#passwordless\">Passwordless authentication<\/a><\/li>\n<li><a href=\"#mfa-vs-2fa\">Multifactor authentication<\/a><\/li>\n<li><a href=\"#password-manager\">The role 
of password managers<\/a><\/li>\n<li><a href=\"#companies\">What should we do in the workplace?<\/a><\/li>\n<li><a href=\"#faq\">Frequently asked questions<\/a><\/li>\n<li><a href=\"#bibliography\">Bibliography<\/a><\/li>\n<\/ol>\n<\/nav>\n<section aria-labelledby=\"why-it-matters\">\n<h3 id=\"why-it-matters\">Why is password security increasingly important?<\/h3>\n<p>Many attacks do not start with sophisticated techniques, but with weak, reused or stolen credentials. This is why the password continues to play a central role in digital security: because in many cases it still represents the first barrier between a legitimate user and unauthorized access.<\/p>\n<p>For years, people believed that a <strong>password<\/strong> was <strong>strong<\/strong> only if it was hard to remember, full of symbols and changed often. Today, the most authoritative guidelines point in a different direction: the real strength of a password lies above all in its length, uniqueness and randomness, not in artificial complexity that leads users to choose predictable variations.<\/p>\n<figure class=\"htt-article__quote\" aria-labelledby=\"quote-title-1\"><figcaption id=\"quote-title-1\" class=\"screen-reader-text\">Highlighted quote<\/figcaption><blockquote>The password has not disappeared from the priorities to address in security. What has changed is the correct way to design, manage and support it with stronger controls.<\/p><\/blockquote>\n<\/figure>\n<\/section>\n<section class=\"htt-stats\" aria-labelledby=\"statistics\">\n<h3 id=\"statistics\">The numbers that explain the problem<\/h3>\n<p>The data helps explain why credential management remains one of the most critical areas of security today. 
These are not theoretical risks.<\/p>\n<div class=\"htt-stats__grid\" role=\"list\" aria-label=\"Data and statistics on password security\">\n<article class=\"htt-stat-card\" role=\"listitem\">\n<p class=\"htt-stat-card__number\" aria-label=\"80 percent\">80%<\/p>\n<p class=\"htt-stat-card__label\">of data breaches involve compromised or weak credentials<\/p>\n<p class=\"htt-stat-card__source\">Source: Verizon DBIR 2023<\/p>\n<\/article>\n<article class=\"htt-stat-card\" role=\"listitem\">\n<p class=\"htt-stat-card__number\" aria-label=\"Over 24 billion\">24B+<\/p>\n<p class=\"htt-stat-card__label\">username\/password combinations exposed on the dark web in 2022 alone<\/p>\n<p class=\"htt-stat-card__source\">Source: Digital Shadows, 2022<\/p>\n<\/article>\n<article class=\"htt-stat-card\" role=\"listitem\">\n<p class=\"htt-stat-card__number\" aria-label=\"57 percent\">57%<\/p>\n<p class=\"htt-stat-card__label\">of users reuse the same password across multiple accounts<\/p>\n<p class=\"htt-stat-card__source\">Source: LastPass Psychology of Passwords, 2022<\/p>\n<\/article>\n<article class=\"htt-stat-card\" role=\"listitem\">\n<p class=\"htt-stat-card__number\" aria-label=\"Less than 30 percent\">&lt;30%<\/p>\n<p class=\"htt-stat-card__label\">of users consistently use a password manager<\/p>\n<p class=\"htt-stat-card__source\">Source: Bitwarden World Password Day Survey, 2023<\/p>\n<\/article>\n<\/div>\n<\/section>\n<section aria-labelledby=\"how-to-do-it\">\n<h3 id=\"how-to-do-it\">How do you build a strong password today?<\/h3>\n<p>Today, a good password should first of all be <strong>long<\/strong>. This is the first element that affects its resistance. In many cases, the best choice is not a \u201ccomplicated\u201d word, but a long password or a passphrase built with several non-obvious words, long enough to make brute-force attempts difficult.<\/p>\n<p>The second requirement is that it must be <strong>unique<\/strong>. 
Reusing the same password across multiple services is one of the most dangerous mistakes: if one account is compromised, the risk immediately spreads to the others.<\/p>\n<p>The third requirement is that it must be <strong>random or, in any case, hard to predict<\/strong>. Names, dates of birth, favorite teams, sequences such as \u201cPassword1!\u201d or small variations of previously used passwords remain fragile choices.<\/p>\n<p>In practice, <strong>a modern password must not only be difficult to guess, it must above all be difficult to reuse, derive and replicate across different services<\/strong>.<\/p>\n<\/section>\n<section class=\"htt-methods\" aria-labelledby=\"generate\">\n<h3 id=\"generate\">How to generate a strong password: two practical methods<\/h3>\n<p>Knowing that a password must be long and random is not enough. The difficult part is understanding how to do it in practice. Here are two concrete approaches, with different levels of memorability.<\/p>\n<div class=\"htt-methods__grid\">\n<article class=\"htt-method-card\" aria-labelledby=\"passphrase-method\">\n<header class=\"htt-method-card__header\"><span class=\"htt-method-card__badge\" aria-label=\"Method one\">01<\/span><\/p>\n<h4 id=\"passphrase-method\">The passphrase<\/h4>\n<p class=\"htt-method-card__subtitle\">Long, memorable, strong<\/p>\n<\/header>\n<div class=\"htt-method-card__body\">\n<p>A passphrase is a sequence of random, unrelated words. It does not have to make sense: it has to be unpredictable. 
Four or five common words, separated by a character, produce a password that is much more resistant than a short but \u201ccomplex\u201d string.<\/p>\n<div class=\"htt-method-card__example\" aria-label=\"Passphrase example\">\n<p class=\"htt-method-card__example-label\"><strong>Example<\/strong><\/p>\n<p class=\"htt-method-card__example-value\" aria-label=\"Passphrase example: raven dot lamp dot train75 dot sand\">raven<span class=\"sep\">\u00b7<\/span>lamp<span class=\"sep\">\u00b7<\/span>train75<span class=\"sep\">\u00b7<\/span>sand<\/p>\n<p class=\"htt-method-card__example-note\">The words must be chosen <strong>randomly<\/strong>, not by theme or linked to your life. Tools such as <a href=\"https:\/\/diceware.dmuth.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">Diceware<\/a> automate this choice.<\/p>\n<\/div>\n<ul class=\"htt-method-card__pros\" aria-label=\"Benefits\">\n<li>Easy to remember for accounts used frequently<\/li>\n<li>Naturally long: typically 25\u201340 characters<\/li>\n<li>Resistant to dictionary attacks if the words are truly random<\/li>\n<\/ul>\n<\/div>\n<\/article>\n<article class=\"htt-method-card\" aria-labelledby=\"generator-method\">\n<header class=\"htt-method-card__header\"><span class=\"htt-method-card__badge\" aria-label=\"Method two\">02<\/span><\/p>\n<h4 id=\"generator-method\">The password manager generator<\/h4>\n<p class=\"htt-method-card__subtitle\">Maximum randomness, no memory required<\/p>\n<\/header>\n<div class=\"htt-method-card__body\">\n<p>All major password managers include a random password generator. 
You only need to configure the desired length (at least 20 characters) and the type of characters, and the software creates a string you will never have to remember: it saves it and fills it in automatically.<\/p>\n<div class=\"htt-method-card__example\" aria-label=\"Generated password example\">\n<p class=\"htt-method-card__example-label\"><strong>Example<\/strong><\/p>\n<p class=\"htt-method-card__example-value htt-method-card__example-value--mono\" aria-label=\"Automatically generated password example\">X7#mQr!9vLz@2kBpN$eW<\/p>\n<p class=\"htt-method-card__example-note\">This type of password is ideal for all accounts where you never need to type the password manually. It should not be memorized: the password manager takes care of it.<\/p>\n<\/div>\n<ul class=\"htt-method-card__pros\" aria-label=\"Benefits\">\n<li>Completely random, unique for every account<\/li>\n<li>Configurable length and complexity<\/li>\n<li>No cognitive effort for the user<\/li>\n<\/ul>\n<\/div>\n<\/article>\n<\/div>\n<aside class=\"htt-method-note\" role=\"note\" aria-label=\"Important note about the master password\"><strong>Important exception:<\/strong> the main password of your password manager, the <em>master password<\/em>, is the only one you will need to remember. For this, the passphrase method is the strongest choice: long, memorable and impossible to guess.<\/aside>\n<\/section>\n<section aria-labelledby=\"common-mistakes\">\n<h3 id=\"common-mistakes\">The most common mistakes to avoid<\/h3>\n<p><strong>One of the most frequent mistakes is believing that a password is strong just because it contains an uppercase letter, a number and a symbol<\/strong>. This approach, on its own, is not enough. It often produces combinations that are formally \u201ccomplex\u201d but actually predictable, because users tend to follow the same patterns over and over again.<\/p>\n<p><strong>Another mistake is enforcing periodic password changes without a concrete reason<\/strong>. 
If there is no evidence of compromise, forcing users to change passwords arbitrarily often leads to worse solutions: small variations of the previous password, notes, improper storage or reuse of already weak credentials.<\/p>\n<p>Blocking features such as <em>paste<\/em> and <em>autofill<\/em> is also outdated. Preventing these behaviors may seem cautious, but in reality it makes the correct use of password managers more difficult and pushes users toward less secure practices.<\/p>\n<\/section>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-9333\" src=\"https:\/\/www.htt.it\/wp-content\/uploads\/2026\/05\/differenze-prima-dopo-password-sicure-1024x683.webp\" alt=\"Infographic comparing the old approach to password security, based on mandatory symbols and periodic changes, with the modern model based on long passwords, passphrases, password managers, passkeys and multifactor authentication.\" width=\"1024\" height=\"683\" srcset=\"https:\/\/www.htt.it\/wp-content\/uploads\/2026\/05\/differenze-prima-dopo-password-sicure-1024x683.webp 1024w, https:\/\/www.htt.it\/wp-content\/uploads\/2026\/05\/differenze-prima-dopo-password-sicure-300x200.webp 300w, https:\/\/www.htt.it\/wp-content\/uploads\/2026\/05\/differenze-prima-dopo-password-sicure.webp 1536w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p>From monthly password changes to passkeys: how authentication standards are changing for both private users and companies.<\/p>\n<section aria-labelledby=\"2fa\">\n<h3 id=\"2fa\">Why has 2FA become so important?<\/h3>\n<p>Even a well-designed password does not eliminate risk. 
It can be stolen through phishing, malware, reuse after an old data breach or simply through human error.<\/p>\n<p>And this is precisely why learning to recognize attempts at <a href=\"\/magazine\/fake-news-come-difendersi-dalla-disinformazione-nellera-digitale\/\">social engineering, deepfakes and manipulated content<\/a> is becoming an integral part of both personal and corporate digital security.<\/p>\n<p>To protect us from these dangers, <strong>2FA<\/strong>, or two-factor authentication, comes into play.<\/p>\n<p>The logic is simple: to log in, something you know (the password) is no longer enough; a second factor is also required to prove possession of the device or identity. But not all second factors offer the same level of protection.<\/p>\n<div class=\"htt-2fa-grid\" role=\"list\" aria-label=\"Types of second authentication factor\">\n<article class=\"htt-2fa-card htt-2fa-card--weak\" role=\"listitem\" aria-labelledby=\"2fa-sms\">\n<header class=\"htt-2fa-card__header\"><span class=\"htt-2fa-card__level\" aria-label=\"Level: basic\">Basic<\/span><\/p>\n<h4 id=\"2fa-sms\">SMS \/ voice call<\/h4>\n<\/header>\n<p>A temporary code is sent via SMS or phone call. Easy to activate, but vulnerable to attacks such as <em>SIM swapping<\/em> and interception. It is still better than no 2FA, but it is not the recommended choice where alternatives are available.<\/p>\n<\/article>\n<article class=\"htt-2fa-card htt-2fa-card--medium\" role=\"listitem\" aria-labelledby=\"2fa-totp\">\n<header class=\"htt-2fa-card__header\"><span class=\"htt-2fa-card__level\" aria-label=\"Level: good\">Good<\/span><\/p>\n<h4 id=\"2fa-totp\">TOTP apps (temporary codes)<\/h4>\n<\/header>\n<p>Apps such as <strong>Aegis<\/strong> (Android, open source), <strong>Raivo<\/strong> (iOS) or <strong>Google\/Microsoft Authenticator<\/strong> generate one-time codes that expire every 30 seconds. They do not require a connection and are much more secure than SMS. 
This is the recommended choice for most personal and business accounts.<\/p>\n<\/article>\n<article class=\"htt-2fa-card htt-2fa-card--strong\" role=\"listitem\" aria-labelledby=\"2fa-passkey\">\n<header class=\"htt-2fa-card__header\"><span class=\"htt-2fa-card__level\" aria-label=\"Level: excellent\">Excellent<\/span><\/p>\n<h4 id=\"2fa-passkey\">Passkeys and hardware keys (FIDO2\/WebAuthn)<\/h4>\n<\/header>\n<p><strong>Passkeys<\/strong> are cryptographic credentials linked to the device and standardized by the FIDO Alliance. They eliminate the traditional password and resist phishing by design: they only work on the legitimate website. Physical hardware keys, such as <strong>YubiKey<\/strong>, offer the same level of protection in a portable format. More and more services support them.<\/p>\n<\/article>\n<\/div>\n<figure class=\"htt-article__quote htt-article__quote--blue\" aria-labelledby=\"quote-title-2fa\"><figcaption id=\"quote-title-2fa\" class=\"screen-reader-text\">\n    Highlighted quote<br \/>\n  <\/figcaption><blockquote class=\"htt-article__quote-text\">\n    \u201cThe password protects the entrance.<br \/>\n     2FA protects access even when the password alone is no longer enough.<br \/>\n     But not all 2FA methods are equal: choosing the right method makes the difference.\u201d\n  <\/p><\/blockquote>\n<p>  <cite class=\"htt-article__quote-author\"><br \/>\n    Sandro Caneschi, CTO HT&amp;T Consulting<br \/>\n  <\/cite><br \/>\n<\/figure>\n<p>If a service offers several options, the recommended priority is: passkey or hardware key &gt; TOTP app &gt; SMS. 
Enabling any form of 2FA is still better than having none.<\/p>\n<\/section>\n<section class=\"htt-focus-block\" aria-labelledby=\"what-are-passkeys\">\n<div class=\"htt-focus-block__content\">\n<p id=\"passwordless\" class=\"htt-focus-block__eyebrow\">Passwordless authentication<\/p>\n<h3 id=\"what-are-passkeys\">Passkeys: what they are and why they are more secure than passwords<\/h3>\n<p><strong>Passkeys<\/strong> are now one of the most concrete evolutions of <strong>passwordless authentication<\/strong>, meaning authentication without passwords.<\/p>\n<p><strong>Passkeys<\/strong> are digital credentials based on cryptography that allow users to access a service without typing a traditional password.<br \/>\nIn practice, the user confirms access with an already registered device, using fingerprint, facial recognition, PIN or hardware key.<\/p>\n<p>The main difference compared with a password is that the passkey is not remembered, typed or shared by the user.<br \/>\nThe service stores a public key, while the private key remains on the user\u2019s device.<br \/>\nThis makes passkeys much more resistant to phishing, because they only work on the legitimate domain for which they were created.<\/p>\n<p>For this reason, passkeys are considered one of the most important evolutions in modern authentication. 
They do not eliminate every risk, but they drastically reduce typical password problems: reuse, theft, interception, weak credentials and being entered on fake websites.<\/p>\n<\/div>\n<\/section>\n<section class=\"htt-focus-block htt-focus-block--alt\" aria-labelledby=\"mfa-2fa-difference\">\n<div id=\"mfa-vs-2fa\" class=\"htt-focus-block__content\">\n<p class=\"htt-focus-block__eyebrow\">Multifactor authentication<\/p>\n<h3 id=\"mfa-2fa-difference\">Difference between MFA and 2FA: what changes<\/h3>\n<p><strong>2FA<\/strong> means two-factor authentication: to log in, two different elements are required, usually a password and a second factor, such as a temporary code generated by an app, a notification on the phone, a passkey or a hardware key.<\/p>\n<p><strong>MFA<\/strong>, on the other hand, means multifactor authentication. It is a broader concept: it refers to the use of two or more verification factors.<br \/>\nThese factors can belong to three categories: something you know, such as a password; something you have, such as a smartphone or a physical key; something you are, such as a fingerprint or biometric recognition.<br \/>\nIn highly exposed contexts, many companies are adopting forms of <strong>phishing-resistant authentication<\/strong>, such as passkeys, FIDO2 and hardware keys.<\/p>\n<p>In short, 2FA is a form of MFA, but not all MFA is limited to two factors.<br \/>\nIn everyday language, the two terms are often used as synonyms, but in a business context it is useful to distinguish them: MFA refers to a broader access control strategy, while 2FA describes a specific configuration with two verification layers.<\/p>\n<\/div>\n<\/section>\n<section aria-labelledby=\"password-manager\">\n<h3 id=\"password-manager\">The role of password managers<\/h3>\n<p>In enterprise contexts, choosing a <a href=\"\/magazine\/password-manager-aziendale-1password-vs-bitwarden\/\">business password manager<\/a> means not only protecting credentials, but 
also governing roles, audits, sharing and privileged access.<\/p>\n<p>If the correct rule is to use long, strong and different passwords for every account, the problem quickly becomes operational: how do you manage dozens or hundreds of credentials without creating chaos?<\/p>\n<p>This is where the <strong>business password manager<\/strong> becomes a central tool for users, IT teams and organizations that need to manage shared access securely. Not only because it helps store passwords in an orderly way, but because it allows users to <strong>generate<\/strong>, <strong>save<\/strong> and <strong>fill them in automatically<\/strong>, without forcing people to simplify everything for memory reasons.<\/p>\n<div class=\"htt-pm-grid\" role=\"list\" aria-label=\"Password manager categories\">\n<article class=\"htt-pm-card\" role=\"listitem\" aria-labelledby=\"pm-cloud\">\n<h4 id=\"pm-cloud\">Cloud-based<\/h4>\n<p>They synchronize credentials across all devices. Convenient and accessible everywhere. Well-known examples: <strong>Bitwarden<\/strong>, <strong>1Password<\/strong>, <strong>Dashlane<\/strong>.<\/p>\n<p class=\"htt-pm-card__note\">To assess: the level of trust in the provider and its security and encryption policies.<\/p>\n<p>When credentials are synchronized across devices, browsers and distributed environments, the <a href=\"\/magazine\/levoluzione-della-posta-elettronica-perche-usare-sistemi-in-cloud\/\">security of corporate cloud systems<\/a> also becomes an integral part of access protection.<\/p>\n<\/article>\n<article class=\"htt-pm-card\" role=\"listitem\" aria-labelledby=\"pm-local\">\n<h4 id=\"pm-local\">Local \/ self-hosted<\/h4>\n<p>The vault remains on the device or on a proprietary server. No data is sent to third parties. Examples: <strong>KeePassXC<\/strong>, <strong>Vaultwarden<\/strong> (self-hosted).<\/p>\n<p class=\"htt-pm-card__note\">Ideal for those who prefer total control over their data. 
They require more attention when managing backups.<\/p>\n<\/article>\n<article class=\"htt-pm-card\" role=\"listitem\" aria-labelledby=\"pm-open\">\n<h4 id=\"pm-open\">Open source<\/h4>\n<p>The code is public and can be verified by anyone. <strong>Bitwarden<\/strong> and <strong>KeePassXC<\/strong> are among the most reliable and transparent options in this category.<\/p>\n<p class=\"htt-pm-card__note\">Code transparency does not guarantee absolute security, but it enables independent audits and greater collective trust.<\/p>\n<\/article>\n<\/div>\n<p>A good password manager reduces password reuse, makes it easier to adopt strong credentials and helps with controlled access sharing in a business context. <strong>Bitwarden<\/strong>, in its free and open-source version, is often recommended as a starting point for those approaching these tools. To learn more about business password managers, we have created an in-depth article explaining <a href=\"https:\/\/www.htt.it\/password-manager-aziendale-1password-vs-bitwarden\/\">1Password and Bitwarden for cloud and self-hosted solutions<\/a>.<\/p>\n<\/section>\n<figure class=\"htt-article__quote htt-article__quote--blue\" aria-labelledby=\"quote-password-2026\"><figcaption id=\"quote-password-2026\" class=\"screen-reader-text\">\n    Highlighted quote on the future of authentication<br \/>\n  <\/figcaption><blockquote class=\"htt-article__quote-text\">\n    \u201cThe future is about progressively reducing dependence on passwords.\u201d\n  <\/p><\/blockquote>\n<p>  <cite class=\"htt-article__quote-author\"><br \/>\n    Linda Guerrazzi, SysAdmin HT&amp;T Consulting<br \/>\n  <\/cite><br \/>\n<\/figure>\n<section aria-labelledby=\"companies\">\n<h3 id=\"companies\">What should we do in the workplace?<\/h3>\n<p>In a company, the issue is not just teaching people how to create a good password, but structuring a coherent system. 
This means defining clear minimum rules, encouraging the use of password managers, enabling 2FA where available, reducing access reuse, applying the principle of least privilege and keeping onboarding, offboarding and permission revocation under control.<\/p>\n<p>In other words, it means adopting processes for digital identity management, user provisioning and access control, which are increasingly central topics in ecosystems such as <a href=\"\/magazine\/levoluzione-della-posta-elettronica-perche-usare-sistemi-in-cloud\/\">Google Workspace and Microsoft 365<\/a>.<\/p>\n<p>It also means moving away from fragile practices such as credentials saved in personal browsers, shared Excel files, local notes or passwords sent in plain text via email and chat. Access security cannot depend on people\u2019s memory or individual habits.<\/p>\n<p>This approach is increasingly integrated with <strong>zero trust access<\/strong> models, where no access is considered trustworthy by default, not even within the corporate network.<br \/>\nThe password remains important, but on its own it is no longer sufficient as the only strategy. The right combination today is made of good passwords, password managers, 2FA and more mature access policies.<\/p>\n<\/section>\n<section class=\"htt-future\" aria-labelledby=\"password-2026\">\n<h3 id=\"password-2026\">Passwords and authentication: what to expect in the future.<\/h3>\n<p>The topic of credentials is undergoing a profound transformation, but we are still in a hybrid transition phase: traditional passwords, passkeys and MFA coexist, and they will probably continue to do so for years. 
Understanding where we are today helps us choose what to do now, not only in the future.<\/p>\n<div class=\"htt-future__grid\" role=\"list\" aria-label=\"Current trends in authentication\">\n<article class=\"htt-future__card\" role=\"listitem\" aria-labelledby=\"trend-passkey\">\n<header class=\"htt-future__card-header\">\n      <span class=\"htt-future__card-tag\">In progress<\/span><\/p>\n<h4 id=\"trend-passkey\">Passkeys are growing, but adoption is uneven<\/h4>\n<\/header>\n<p>Apple, Google and Microsoft have integrated passkeys into their ecosystems, and many consumer services already support them. In the corporate and banking sectors, especially in Italy, adoption is still partial. For now, password managers and TOTP apps remain the strongest combination for most real-world scenarios.<\/p>\n<\/article>\n<article class=\"htt-future__card\" role=\"listitem\" aria-labelledby=\"trend-hybrid\">\n<header class=\"htt-future__card-header\">\n      <span class=\"htt-future__card-tag\">Current challenge<\/span><\/p>\n<h4 id=\"trend-hybrid\">The hybrid transition is the real issue<\/h4>\n<\/header>\n<p>Companies cannot abandon passwords overnight. The period of coexistence between legacy systems and new standards creates mixed attack surfaces. Managing this transition carefully \u2014 without leaving users exposed or old systems vulnerable \u2014 is now the real operational priority.<\/p>\n<\/article>\n<article class=\"htt-future__card\" role=\"listitem\" aria-labelledby=\"trend-idp\">\n<header class=\"htt-future__card-header\">\n      <span class=\"htt-future__card-tag\">Enterprise direction<\/span><\/p>\n<h4 id=\"trend-idp\">Identity providers and SSO as central infrastructure<\/h4>\n<\/header>\n<p>More and more organizations are centralizing access management on platforms such as Microsoft Entra ID, Google Identity or Okta. 
This allows them to apply consistent MFA policies, manage onboarding and offboarding in a controlled way and reduce the number of separate credentials to monitor.<\/p>\n<\/article>\n<article class=\"htt-future__card\" role=\"listitem\" aria-labelledby=\"trend-ai\">\n<header class=\"htt-future__card-header\">\n      <span class=\"htt-future__card-tag\">Emerging threat<\/span><\/p>\n<h4 id=\"trend-ai\">Generative phishing changes the risk<\/h4>\n<\/header>\n<p>Phishing messages produced with artificial intelligence tools are increasingly convincing, personalized and difficult to recognize. This increases the relative value of authentication factors that are phishing-resistant by design \u2014 such as passkeys and hardware keys \u2014 compared with methods that still rely on user vigilance.<\/p>\n<\/article>\n<\/div>\n<figure class=\"htt-article__quote\" aria-labelledby=\"quote-password-future\"><figcaption id=\"quote-password-future\" class=\"screen-reader-text\">Highlighted quote on the future of authentication<\/figcaption><blockquote>The future is not about eliminating passwords overnight. 
It is about progressively reducing dependence on them, carefully managing the transition.<\/p><\/blockquote>\n<\/figure>\n<div class=\"htt-future__actions\" role=\"note\" aria-label=\"What to do now\">\n<h4>What you can do this week<\/h4>\n<ul>\n<li>Activate a password manager if you are not already using one, even the free version<\/li>\n<li>Enable 2FA with a TOTP app on your most critical accounts (email, bank, work)<\/li>\n<li>Check whether the services you use already support passkeys on <a href=\"https:\/\/passkeys.directory\/\" target=\"_blank\" rel=\"noopener noreferrer\">passkeys.directory<\/a><\/li>\n<li>If you manage a team, consider adopting an identity provider with SSO and centralized MFA<\/li>\n<li><a href=\"https:\/\/www.htt.it\/contatti\/\">Contact us<\/a> to speak with a consultant<\/li>\n<\/ul>\n<\/div>\n<p>These changes fit into a broader context of <strong>digital identity management<\/strong>: anyone who wants to explore how to structure access, roles and permissions in cloud environments can read our in-depth article on <a href=\"\/magazine\/password-manager-aziendale-1password-vs-bitwarden\/\">business password managers and access control<\/a>.<\/p>\n<\/section>\n<section class=\"htt-glossary\" aria-labelledby=\"password-glossary\">\n<header class=\"htt-glossary__header\">\n<p class=\"htt-glossary__eyebrow\">Quick glossary<\/p>\n<h3 id=\"password-glossary\">Key terms to know<\/h3>\n<p>Some terms come up often when talking about passwords, authentication and access security.<br \/>\nKnowing them helps you choose better tools and behaviors.<\/p>\n<\/header>\n<div class=\"htt-glossary__grid\" role=\"list\" aria-label=\"Glossary on passwords, 2FA and access security\">\n<article class=\"htt-glossary__card\" role=\"listitem\">\n<h4>Password manager<\/h4>\n<p>Software that generates, stores and automatically fills in long, random and different passwords for every account.<\/p>\n<\/article>\n<article class=\"htt-glossary__card\" 
role=\"listitem\">\n<h4>Passphrase<\/h4>\n<p>A password made up of several random words. It is long, easier to remember and more resistant than many short and complex passwords.<\/p>\n<\/article>\n<article class=\"htt-glossary__card\" role=\"listitem\">\n<h4>2FA<\/h4>\n<p>Two-factor authentication. In addition to the password, it requires a second verification element such as an app, temporary code or physical key.<\/p>\n<\/article>\n<article class=\"htt-glossary__card\" role=\"listitem\">\n<h4>MFA<\/h4>\n<p>Multifactor authentication. It extends the concept of 2FA using multiple factors: something you know, something you have or something you are.<\/p>\n<\/article>\n<article class=\"htt-glossary__card\" role=\"listitem\">\n<h4>TOTP<\/h4>\n<p>A temporary code generated by an authentication app. It changes every few seconds and is more secure than SMS.<\/p>\n<\/article>\n<article class=\"htt-glossary__card\" role=\"listitem\">\n<h4>Passkey<\/h4>\n<p>A cryptographic credential that allows access without typing a password. It is phishing-resistant because it only works on the legitimate website.<\/p>\n<\/article>\n<article class=\"htt-glossary__card\" role=\"listitem\">\n<h4>WebAuthn<\/h4>\n<p>A web standard that enables secure authentication through passkeys, biometrics or compatible hardware keys.<\/p>\n<\/article>\n<article class=\"htt-glossary__card\" role=\"listitem\">\n<h4>Credential stuffing<\/h4>\n<p>An attack in which credentials stolen from one service are automatically tested across many other accounts.<\/p>\n<\/article>\n<\/div>\n<\/section>\n<section class=\"htt-faq\" aria-labelledby=\"faq\">\n<h3 id=\"faq\">Frequently asked questions<\/h3>\n<details open=\"\">\n<summary>Is a long password more important than a password full of symbols?<\/summary>\n<p>In many cases, yes. Length has a major impact on overall strength. 
A long, unique and hard-to-predict password is often a better choice than a short password made artificially complex with a few symbols.<\/p>\n<\/details>\n<details open=\"\">\n<summary>Does it still make sense to change passwords every month?<\/summary>\n<p>Not as an automatic rule. Today, it makes more sense to change a password when there is evidence of compromise, an incident, an access revocation or a concrete reason, not simply out of habit.<\/p>\n<\/details>\n<details open=\"\">\n<summary>Does 2FA replace a strong password?<\/summary>\n<p>No. 2FA does not replace a good password: it strengthens it. The best protection comes from combining strong credentials with a second authentication factor.<\/p>\n<\/details>\n<details open=\"\">\n<summary>Is it correct to use a password manager in a company too?<\/summary>\n<p>Yes, and in many cases it is the most sensible choice. It allows better management of long and unique passwords, reduces reuse, enables controlled access sharing and improves operational order.<\/p>\n<\/details>\n<details open=\"\">\n<summary>Are rules such as \u201cone uppercase letter, one number and one symbol\u201d enough?<\/summary>\n<p>No. On their own, they are not enough. They can help in some contexts, but if they become the only criterion, they often lead to predictable passwords and trivial variations of known patterns.<\/p>\n<\/details>\n<details open=\"\">\n<summary>What are passkeys?<\/summary>\n<p>Passkeys are digital credentials based on cryptography that allow users to access a service without typing a password. They are more resistant to phishing because they only work on the legitimate domain for which they were created.<\/p>\n<\/details>\n<details open=\"\">\n<summary>What is the difference between 2FA and MFA?<\/summary>\n<p>2FA requires two authentication factors. MFA is a broader concept and refers to the use of two or more factors. 
In practice, 2FA is a specific form of MFA.<\/p>\n<\/details>\n<details open=\"\">\n<summary>Are SMS messages a good two-factor authentication method?<\/summary>\n<p>SMS messages are better than no protection, but they are not the most secure method. They can be vulnerable to SIM swapping, interception and targeted attacks. Where possible, it is better to use TOTP apps, passkeys or hardware keys.<\/p>\n<\/details>\n<details open=\"\">\n<summary>What is phishing-resistant authentication?<\/summary>\n<p>It is an authentication model designed to resist phishing attacks. It includes solutions such as passkeys, FIDO2, WebAuthn and hardware keys, which prevent credentials from being used on fraudulent websites.<\/p>\n<\/details>\n<details open=\"\">\n<summary>Is a business password manager secure?<\/summary>\n<p>Yes, if configured correctly. A business password manager allows you to generate strong passwords, control sharing, revoke access, manage roles and reduce the use of credentials stored insecurely.<\/p>\n<\/details>\n<details open=\"\">\n<summary>What does passwordless authentication mean?<\/summary>\n<p>Passwordless authentication is an access system that reduces or eliminates the use of the traditional password. It can be based on passkeys, biometrics, hardware keys or already registered devices.<\/p>\n<\/details>\n<details open=\"\">\n<summary>What is the relationship between passwords, MFA and zero trust access?<\/summary>\n<p>Strong passwords, MFA and continuous access control are complementary elements. 
In a zero trust access model, every access is verified based on identity, device, context and risk level.<\/p>\n<\/details>\n<\/section>\n<section class=\"htt-bibliography\" aria-labelledby=\"bibliography\">\n<h3 id=\"bibliography\">Bibliography<\/h3>\n<div class=\"htt-bibliography__grid\" role=\"list\" aria-label=\"Sources and references\">\n<article class=\"htt-biblio-card\" role=\"listitem\">\n<h4>NIST SP 800-63B<\/h4>\n<p>Guidelines on passwords, authentication and assurance levels, with recommendations on length, password managers, blocking compromised passwords and MFA.<\/p>\n<p><a href=\"https:\/\/pages.nist.gov\/800-63-4\/sp800-63b.html\" target=\"_blank\" rel=\"noopener noreferrer\">Open source<\/a><\/p>\n<\/article>\n<article class=\"htt-biblio-card\" role=\"listitem\">\n<h4>CISA \u2014 Use Strong Passwords<\/h4>\n<p>Practical recommendations on long, random, unique passwords supported by password managers.<\/p>\n<p><a href=\"https:\/\/www.cisa.gov\/secure-our-world\/use-strong-passwords\" target=\"_blank\" rel=\"noopener noreferrer\">Open source<\/a><\/p>\n<\/article>\n<article class=\"htt-biblio-card\" role=\"listitem\">\n<h4>CISA \u2014 Turn on MFA<\/h4>\n<p>Practical guidance on the role of multifactor authentication as an additional layer of protection beyond the password alone.<\/p>\n<p><a href=\"https:\/\/www.cisa.gov\/secure-our-world\/turn-mfa\" target=\"_blank\" rel=\"noopener noreferrer\">Open source<\/a><\/p>\n<\/article>\n<\/div>\n<\/section>\n<\/article>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n\n<style data-wp-block-html=\"css\">\n<style>\n\/* =========================\n   HT&T Magazine Article\n========================= *\/\n\n\/* Variabili definite su :root cos\u00ec sono disponibili ovunque nel DOM *\/\n:root {\n  --htt-text: #1f2937;\n  --htt-title: #0f172a;\n  --htt-muted: #5b6472;\n  --htt-border: #dbe3ef;\n  --htt-surface: #ffffff;\n  --htt-surface-soft: #f7f9fc;\n  --htt-surface-alt: #eef3fb;\n  --htt-accent: #1d4ed8;\n  
--htt-accent-dark: #163fae;\n  --htt-warning: #f0a500;\n  --htt-dark: #0f172a; \/* FIX: era usata ma non definita *\/\n  --htt-shadow: 0 10px 30px rgba(15, 23, 42, 0.08);\n  --htt-shadow-lg: 0 18px 44px rgba(15, 23, 42, 0.08);\n  --htt-radius: 18px;\n  --htt-radius-sm: 12px;\n  --htt-max: 980px;\n}\n\n.htt-article {\n  max-width: var(--htt-max);\n  margin: 0 auto;\n  color: var(--htt-text);\n  line-height: 1.75;\n  font-size: 18px;\n}\n\n.htt-article * {\n  box-sizing: border-box;\n}\n\n.htt-article__header {\n  margin-bottom: 2rem;\n}\n\n.htt-article__eyebrow,\n.htt-glossary__eyebrow,\n.htt-focus-block__eyebrow {\n  display: inline-block;\n  margin: 0 0 0.9rem;\n  font-size: 0.78rem;\n  font-weight: 700;\n  letter-spacing: 0.08em;\n  text-transform: uppercase;\n  color: var(--htt-accent-dark);\n}\n\n.htt-article__eyebrow {\n  padding: 0.35rem 0.75rem;\n  background: rgba(29, 78, 216, 0.08);\n  border-radius: 999px;\n  letter-spacing: 0.02em;\n  text-transform: none;\n}\n\n.htt-article h2,\n.htt-article h3,\n.htt-article h4 {\n  color: var(--htt-title);\n  line-height: 1.2;\n  font-weight: 700;\n}\n\n.htt-article h2 {\n  font-size: clamp(2rem, 3vw, 2.9rem);\n  margin: 0 0 1rem;\n}\n\n.htt-article h3 {\n  font-size: clamp(1.45rem, 2vw, 1.95rem);\n  margin: 3rem 0 1rem;\n}\n\n.htt-article h4 {\n  font-size: 1.12rem;\n  margin: 1.5rem 0 0.7rem;\n}\n\n.htt-article p,\n.htt-article li {\n  color: var(--htt-text);\n}\n\n.htt-article p {\n  margin: 0 0 1.1rem;\n}\n\n.htt-article ul,\n.htt-article ol {\n  margin: 0 0 1.25rem 1.2rem;\n  padding: 0;\n}\n\n.htt-article li + li {\n  margin-top: 0.35rem;\n}\n\n.htt-article strong {\n  color: var(--htt-title);\n}\n\n.htt-article a {\n  color: var(--htt-accent);\n  text-decoration: underline;\n  text-underline-offset: 3px;\n}\n\n.htt-article a:hover {\n  color: var(--htt-accent-dark);\n}\n\n.htt-article a:focus-visible,\n.htt-article summary:focus-visible {\n  outline: 3px solid rgba(29, 78, 216, 0.25);\n  outline-offset: 3px;\n  
border-radius: 4px;\n}\n\n.intro-text {\n  font-size: 1.1rem;\n  color: var(--htt-title);\n}\n\n\/* =========================\n   Answer First\n========================= *\/\n\n.htt-answer-first {\n  margin: 2rem 0;\n  padding: 1.4rem 1.5rem;\n  background: linear-gradient(180deg, #ffffff 0%, #f7faff 100%);\n  border: 1px solid var(--htt-border);\n  border-left: 5px solid var(--htt-accent);\n  border-radius: var(--htt-radius);\n  box-shadow: var(--htt-shadow);\n}\n\n.htt-answer-first h3 {\n  margin: 0 0 0.75rem;\n}\n\n.htt-answer-first p {\n  margin-bottom: 0;\n  font-size: 1.08rem;\n  color: var(--htt-title);\n}\n\n\/* =========================\n   TOC\n========================= *\/\n\n.htt-article__toc {\n  margin: 2rem 0 2.7rem;\n  padding: 1.3rem 1.4rem;\n  background: var(--htt-surface-soft);\n  border: 1px solid var(--htt-border);\n  border-radius: var(--htt-radius);\n}\n\n.htt-article__toc p {\n  margin: 0 0 0.75rem;\n  color: var(--htt-title);\n}\n\n.htt-article__toc ol {\n  margin: 0;\n  padding-left: 1.2rem;\n}\n\n.htt-article__toc li {\n  margin: 0;\n}\n\n.htt-article__toc li + li {\n  margin-top: 0.45rem;\n}\n\n.htt-article__toc a {\n  text-decoration: none;\n  font-weight: 600;\n}\n\n\/* =========================\n   Quotes\n========================= *\/\n\n.htt-article__quote {\n  margin: 2rem 0;\n  padding: 1.5rem 1.5rem 1.45rem 1.3rem;\n  background: linear-gradient(180deg, #ffffff 0%, #f7faff 100%);\n  border: 1px solid var(--htt-border);\n  border-left: 5px solid var(--htt-accent);\n  border-radius: var(--htt-radius);\n  box-shadow: var(--htt-shadow);\n}\n\n.htt-article__quote blockquote {\n  margin: 0;\n}\n\n.htt-article__quote p {\n  margin: 0;\n  font-size: 1.08rem;\n  color: var(--htt-title);\n}\n\n\/* =========================\n   Notes\n========================= *\/\n\n.htt-note,\n.htt-method-note {\n  margin: 1.5rem 0 2rem;\n  padding: 1rem 1.1rem;\n  background: var(--htt-surface-soft);\n  border: 1px solid var(--htt-border);\n  
border-left: 4px solid var(--htt-warning);\n  border-radius: var(--htt-radius-sm);\n  color: var(--htt-text);\n  font-size: 0.9rem;\n}\n\n.htt-note strong,\n.htt-method-note strong {\n  color: var(--htt-title);\n}\n\n\/* =========================\n   Tables\n========================= *\/\n\n.htt-table {\n  width: 100%;\n  margin: 1.5rem 0 2rem;\n  border-collapse: separate;\n  border-spacing: 0;\n  background: var(--htt-surface);\n  border: 1px solid var(--htt-border);\n  border-radius: var(--htt-radius);\n  overflow: hidden;\n  box-shadow: var(--htt-shadow);\n}\n\n.htt-table caption {\n  text-align: left;\n  padding: 1rem 1rem 0.75rem;\n  font-weight: 700;\n  color: var(--htt-title);\n}\n\n.htt-table th,\n.htt-table td {\n  padding: 1rem;\n  text-align: left;\n  vertical-align: top;\n  border-top: 1px solid var(--htt-border);\n}\n\n.htt-table thead th {\n  background: var(--htt-surface-soft);\n  color: var(--htt-title);\n  border-top: 0;\n}\n\n.htt-table tbody tr:nth-child(even) {\n  background: #fbfcfe;\n}\n\n\/* =========================\n   Stats Cards\n========================= *\/\n\n.htt-stats {\n  margin: 3rem 0;\n}\n\n.htt-stats__grid {\n  display: grid;\n  grid-template-columns: repeat(auto-fit, minmax(210px, 1fr));\n  gap: 1.25rem;\n  margin-top: 1.5rem;\n}\n\n.htt-stat-card {\n  position: relative;\n  overflow: hidden;\n  background: linear-gradient(180deg, #ffffff 0%, #f8fafc 100%);\n  border: 1px solid var(--htt-border);\n  border-radius: 22px;\n  padding: 1.5rem;\n  box-shadow: 0 12px 32px rgba(16, 24, 40, 0.05);\n}\n\n.htt-stat-card__number {\n  position: relative;\n  z-index: 1;\n  font-size: clamp(38px, 5vw, 52px) !important;\n  font-weight: 800;\n  line-height: 1;\n  color: var(--htt-dark);\n  letter-spacing: -0.04em;\n  margin: 0 0 0.55rem !important;\n}\n\n.htt-stat-card__label {\n  margin: 0 0 0.85rem;\n  font-size: 0.95rem;\n  color: var(--htt-text);\n}\n\n.htt-stat-card__source {\n  margin: 0;\n  font-size: 0.78rem;\n  font-weight: 700;\n  
color: var(--htt-muted);\n}\n\/* =========================\n   Metodi Generazione Password\n========================= *\/\n\n.htt-methods {\n  margin: 3rem 0;\n}\n\n.htt-methods__grid {\n  display: grid;\n  grid-template-columns: repeat(2, minmax(0, 1fr));\n  gap: 1.5rem;\n  margin: 1.5rem 0;\n}\n\n.htt-method-card {\n  border: 1px solid var(--htt-border);\n  border-radius: var(--htt-radius);\n  overflow: hidden;\n  box-shadow: var(--htt-shadow);\n  background: var(--htt-surface);\n}\n\n.htt-method-card__header {\n  background: var(--htt-surface-soft);\n  padding: 1rem 1.25rem;\n  display: flex;\n  flex-direction: column;\n  gap: 0.25rem;\n  border-bottom: 1px solid var(--htt-border);\n}\n\n.htt-method-card__header p {\n  margin: 0;\n}\n\n.htt-method-card__badge {\n  font-size: 0.75rem;\n  font-weight: 700;\n  letter-spacing: 0.1em;\n  color: var(--htt-accent);\n}\n\n.htt-method-card__header h4 {\n  margin: 0;\n  font-size: 1.1rem;\n}\n\n.htt-method-card__subtitle {\n  font-size: 0.85rem;\n  color: var(--htt-muted);\n  margin: 0;\n}\n\n.htt-method-card__body {\n  padding: 1.25rem;\n}\n\n\/* FIX: i <p> dentro .htt-method-card__body non devono essere resettati\n   da regole generali di .htt-focus-block p o simili *\/\n.htt-method-card__body > p {\n  color: var(--htt-text);\n  font-size: 0.95rem;\n}\n\n.htt-method-card__example {\n  background: var(--htt-surface-alt);\n  border-radius: var(--htt-radius-sm);\n  padding: 1rem;\n  margin: 1rem 0;\n}\n\n.htt-method-card__example-label {\n  font-size: 0.75rem;\n  font-weight: 800;\n  text-transform: uppercase;\n  letter-spacing: 0.08em;\n  color: var(--htt-muted);\n  margin: 0 0 0.4rem;\n}\n\n.htt-method-card__example-value {\n  font-size: 1.05rem;\n  font-weight: 600;\n  margin: 0 0 0.5rem;\n  word-break: break-all;\n}\n\n.htt-method-card__example-value--mono {\n  font-family: \"Courier New\", Courier, monospace;\n  letter-spacing: 0.05em;\n}\n\n.htt-method-card__example-value .sep {\n  color: var(--htt-accent);\n  
padding: 0 2px;\n}\n\n.htt-method-card__example-note {\n  font-size: 0.85rem;\n  color: var(--htt-muted);\n  margin: 0;\n}\n\n.htt-method-card__pros {\n  margin: 0.75rem 0 0;\n  padding-left: 1.25rem;\n  font-size: 0.9rem;\n}\n\n.htt-method-card__pros li {\n  margin-bottom: 0.35rem;\n}\n\n\/* =========================\n   2FA Cards\n========================= *\/\n\n.htt-2fa-grid {\n  display: grid;\n  grid-template-columns: repeat(auto-fit, minmax(240px, 1fr));\n  gap: 1.25rem;\n  margin: 1.5rem 0;\n}\n\n.htt-2fa-card {\n  border-radius: var(--htt-radius);\n  border: 1px solid var(--htt-border);\n  overflow: hidden;\n  box-shadow: var(--htt-shadow);\n  background: var(--htt-surface);\n}\n\n.htt-2fa-card__header {\n  padding: 0.9rem 1.25rem;\n  display: flex;\n  flex-direction: column;\n  align-items: flex-start;\n  gap: 0.45rem;\n}\n\n\/* FIX: selettore unificato senza duplicati, con specificit\u00e0 corretta *\/\n.htt-2fa-card__header h4 {\n  color: var(--htt-title);\n  margin: 0;\n  font-size: 1rem;\n  line-height: 1.3;\n  overflow-wrap: anywhere;\n}\n\n.htt-2fa-card__header p {\n  margin: 0;\n}\n\n.htt-2fa-card--weak .htt-2fa-card__header {\n  background: #fff3cd;\n}\n\n.htt-2fa-card--medium .htt-2fa-card__header {\n  background: #d1ecf1;\n}\n\n.htt-2fa-card--strong .htt-2fa-card__header {\n  background: #d4edda;\n}\n\n.htt-2fa-card__level {\n  font-size: 0.72rem;\n  font-weight: 700;\n  text-transform: uppercase;\n  letter-spacing: 0.08em;\n  padding: 0.2rem 0.5rem;\n  border-radius: 4px;\n  white-space: nowrap;\n}\n\n.htt-2fa-card--weak .htt-2fa-card__level {\n  background: #f0c060;\n  color: #5a3e00;\n}\n\n.htt-2fa-card--medium .htt-2fa-card__level {\n  background: #5bc0de;\n  color: #ffffff;\n}\n\n.htt-2fa-card--strong .htt-2fa-card__level {\n  background: #28a745;\n  color: #ffffff;\n}\n\n\/* FIX: il testo del corpo delle card 2FA non deve ereditare padding\/margin\n   da regole generali come .htt-focus-block p *\/\n.htt-2fa-card > p {\n  padding: 1rem 
1.25rem;\n  font-size: 0.9rem;\n  margin: 0;\n  color: var(--htt-text);\n}\n\n\/* =========================\n   Focus Blocks\n========================= *\/\n\n.htt-focus-block,\n.htt-future {\n  margin: clamp(38px, 6vw, 64px) 0;\n  padding: clamp(26px, 4vw, 42px);\n  border-radius: var(--htt-radius);\n  background: linear-gradient(135deg, #f6f8ff 0%, #ffffff 62%);\n  border: 1px solid var(--htt-border);\n  box-shadow: var(--htt-shadow-lg);\n}\n\n.htt-focus-block--alt {\n  background: linear-gradient(135deg, #f7fbf8 0%, #ffffff 62%);\n}\n\n.htt-focus-block__content {\n  max-width: 820px;\n}\n\n.htt-focus-block h3,\n.htt-future h3 {\n  margin: 0 0 16px;\n  font-size: clamp(1.45rem, 2.5vw, 2rem);\n}\n\n\/* FIX: .htt-focus-block p si applica solo ai <p> diretti,\n   non a quelli nelle card figlie, grazie al selettore > *\/\n.htt-focus-block > .htt-focus-block__content > p,\n.htt-focus-block__content > p,\n.htt-future > p {\n  margin: 0 0 16px;\n  font-size: 1rem;\n  line-height: 1.75;\n  color: var(--htt-text);\n}\n\n.htt-focus-block__content > p:last-child,\n.htt-future > p:last-child {\n  margin-bottom: 0;\n}\n\n\/* =========================\n   Password Manager Cards\n========================= *\/\n\n.htt-pm-grid {\n  display: grid;\n  grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));\n  gap: 1.25rem;\n  margin: 1.5rem 0;\n}\n\n.htt-pm-card {\n  display: flex;\n  flex-direction: column;\n  border: 1px solid var(--htt-border);\n  border-radius: var(--htt-radius);\n  padding: 1.25rem;\n  background: linear-gradient(180deg, #ffffff 0%, #f7faff 100%);\n  box-shadow: var(--htt-shadow);\n}\n\n.htt-pm-card h4 {\n  margin: 0 0 0.6rem;\n  font-size: 1rem;\n  color: var(--htt-title);\n}\n\n.htt-pm-card p {\n  font-size: 0.9rem;\n  margin: 0 0 0.5rem;\n  color: var(--htt-text);\n}\n\n.htt-pm-card__note {\n  margin-top: auto;\n  font-size: 0.82rem;\n  color: var(--htt-muted);\n  font-style: italic;\n}\n\n\/* =========================\n   
Glossary\n========================= *\/\n\n.htt-glossary {\n  margin: clamp(42px, 6vw, 72px) 0;\n  padding: clamp(24px, 4vw, 40px);\n  border-radius: var(--htt-radius);\n  background:\n    radial-gradient(circle at top left, rgba(29, 78, 216, 0.10), transparent 34%),\n    linear-gradient(135deg, #f7f9ff 0%, #ffffff 58%, #f4f7fb 100%);\n  border: 1px solid var(--htt-border);\n}\n\n.htt-glossary__header {\n  max-width: 760px;\n  margin-bottom: 28px;\n}\n\n.htt-glossary__header p {\n  margin: 0;\n  color: var(--htt-muted);\n}\n\n.htt-glossary h3 {\n  margin: 0 0 12px;\n  font-size: clamp(1.45rem, 2.4vw, 2rem);\n}\n\n.htt-glossary__grid {\n  display: grid;\n  grid-template-columns: repeat(2, minmax(0, 1fr));\n  gap: 16px;\n}\n\n.htt-glossary__card {\n  position: relative;\n  padding: 22px 22px 20px;\n  border-radius: var(--htt-radius);\n  background: rgba(255, 255, 255, 0.88);\n  border: 1px solid var(--htt-border);\n  box-shadow: var(--htt-shadow);\n}\n\n.htt-glossary__card::before {\n  content: \"\";\n  position: absolute;\n  left: 22px;\n  top: 0;\n  width: 46px;\n  height: 4px;\n  border-radius: 999px;\n  background: var(--htt-title);\n  transform: translateY(-1px);\n}\n\n.htt-glossary__card h4 {\n  margin: 0 0 8px;\n  font-size: 1.05rem;\n  color: var(--htt-title);\n}\n\n.htt-glossary__card p {\n  margin: 0;\n  font-size: 0.96rem;\n  line-height: 1.65;\n  color: var(--htt-muted);\n}\n\n\/* =========================\n   Bibliography Cards\n========================= *\/\n\n.htt-bibliography {\n  margin-top: 3.25rem;\n}\n\n.htt-bibliography__grid {\n  display: grid;\n  grid-template-columns: repeat(2, minmax(0, 1fr));\n  gap: 1.1rem;\n  margin-top: 1.2rem;\n}\n\n.htt-biblio-card {\n  display: flex;\n  flex-direction: column;\n  justify-content: space-between;\n  padding: 1.25rem 1.25rem 1.15rem;\n  background: linear-gradient(180deg, #ffffff 0%, #f9fbff 100%);\n  border: 1px solid var(--htt-border);\n  border-radius: var(--htt-radius);\n  box-shadow: 
var(--htt-shadow);\n  transition: transform 0.2s ease, box-shadow 0.2s ease, border-color 0.2s ease;\n}\n\n.htt-biblio-card:hover {\n  transform: translateY(-2px);\n  border-color: #c6d4ea;\n  box-shadow: 0 14px 34px rgba(15, 23, 42, 0.11);\n}\n\n.htt-biblio-card h4 {\n  margin: 0 0 0.65rem;\n  font-size: 1.02rem;\n  line-height: 1.35;\n  color: var(--htt-title);\n}\n\n.htt-biblio-card p {\n  margin: 0 0 0.8rem;\n  color: var(--htt-muted);\n  font-size: 0.98rem;\n}\n\n.htt-biblio-card p:last-child {\n  margin-top: auto;\n  margin-bottom: 0;\n}\n\n.htt-biblio-card a {\n  display: inline-flex;\n  align-items: center;\n  gap: 0.35rem;\n  font-weight: 700;\n  text-decoration: none;\n  color: var(--htt-accent);\n}\n\n.htt-biblio-card a::after {\n  content: \"\u2192\";\n  font-size: 0.95em;\n  transition: transform 0.2s ease;\n}\n\n.htt-biblio-card a:hover::after {\n  transform: translateX(2px);\n}\n\n\/* =========================\n   FAQ\n========================= *\/\n\n.htt-faq details {\n  margin-bottom: 0.75rem;\n  border: 1px solid var(--htt-border);\n  border-radius: var(--htt-radius-sm);\n  padding: 0.9rem 1.1rem;\n  background: var(--htt-surface);\n}\n\n.htt-faq summary {\n  font-weight: 600;\n  cursor: pointer;\n  color: var(--htt-title);\n  list-style: none;\n}\n\n.htt-faq summary::-webkit-details-marker {\n  display: none;\n}\n\n.htt-faq details > p {\n  margin: 0.75rem 0 0;\n  font-size: 0.95rem;\n  color: var(--htt-text);\n}\n\n\/* =========================\n   Utility\n========================= *\/\n\n.screen-reader-text {\n  position: absolute !important;\n  width: 1px;\n  height: 1px;\n  padding: 0;\n  margin: -1px;\n  overflow: hidden;\n  clip: rect(0, 0, 0, 0);\n  white-space: nowrap;\n  border: 0;\n}\n\n\/* =========================\n   Responsive\n========================= *\/\n\n@media (max-width: 991px) {\n  .htt-bibliography__grid {\n    grid-template-columns: 1fr;\n  }\n}\n\n@media (max-width: 760px) {\n  .htt-glossary__grid,\n  
.htt-methods__grid {\n    grid-template-columns: 1fr;\n  }\n}\n\n@media (max-width: 767px) {\n  .htt-article {\n    font-size: 16px;\n  }\n\n  .htt-article h2 {\n    margin-bottom: 0.85rem;\n  }\n\n  .htt-article__toc,\n  .htt-answer-first,\n  .htt-biblio-card,\n  .htt-stat-card,\n  .htt-method-card,\n  .htt-pm-card,\n  .htt-2fa-card,\n  .htt-article__quote,\n  .htt-focus-block,\n  .htt-future,\n  .htt-glossary,\n  .htt-glossary__card {\n    border-radius: 14px;\n  }\n\n  .htt-pm-grid,\n  .htt-2fa-grid {\n    grid-template-columns: 1fr;\n  }\n\n  .htt-table {\n    display: block;\n    overflow-x: auto;\n    -webkit-overflow-scrolling: touch;\n  }\n\n  .htt-table th,\n  .htt-table td {\n    min-width: 180px;\n  }\n}\n\n\/* \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n   htt-future \u2014 sezione futuro prossimo\n   Allineato alle variabili :root del tema\n   \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 *\/\n\n\/* Grid 2 colonne, responsive *\/\n.htt-future__grid {\n  display: grid;\n  grid-template-columns: repeat(2, 1fr);\n  gap: 1.25rem;\n  margin: 2rem 0;\n}\n\n\/* Card *\/\n.htt-future__card {\n  background: var(--htt-surface);\n  border: 1px solid var(--htt-border);\n  border-top: 3px solid var(--htt-title);\n  border-radius: var(--htt-radius-sm);\n  padding: 1.25rem 1.5rem;\n  box-shadow: var(--htt-shadow);\n}\n\n.htt-future__card-header {\n  margin-bottom: 0.75rem;\n}\n\n\/* Override necessario: .htt-article h4 ha margin: 1.5rem 0 0.7rem\n   che spinge il titolo troppo in basso dentro la card *\/\n.htt-future__card-header h4 {\n  margin: 0.35rem 0 0;\n  
font-size: 1rem;\n  font-weight: 700;\n  line-height: 1.4;\n  color: var(--htt-title);\n}\n\n\/* Tag colorati \u2014 stessa logica di .htt-2fa-card__level *\/\n.htt-future__card-tag {\n  display: inline-block;\n  font-size: 0.72rem;\n  font-weight: 700;\n  text-transform: uppercase;\n  letter-spacing: 0.08em;\n  padding: 0.2em 0.6em;\n  border-radius: 4px;\n  white-space: nowrap;\n}\n\n\/* Varianti cromatiche per tag *\/\n.htt-future__card:nth-child(1) .htt-future__card-tag {\n  background: #d4edda;\n  color: #155724;\n}\n\n.htt-future__card:nth-child(2) .htt-future__card-tag {\n  background: #fff3cd;\n  color: #5a3e00;\n}\n\n.htt-future__card:nth-child(3) .htt-future__card-tag {\n  background: var(--htt-surface-alt);\n  color: var(--htt-accent-dark);\n}\n\n.htt-future__card:nth-child(4) .htt-future__card-tag {\n  background: #fce8e8;\n  color: #922b21;\n}\n\n\/* Override: .htt-article p ha margin: 0 0 1.1rem\n   nelle card non vogliamo margine inferiore *\/\n.htt-future__card > p {\n  margin: 0;\n  font-size: 0.95rem;\n  line-height: 1.65;\n  color: var(--htt-text);\n}\n\n\/* Box azioni \u2014 stesso stile di .htt-method-note\n   ma con accent blu invece di warning *\/\n.htt-future__actions {\n  background: var(--htt-surface-alt);\n  border: 1px solid var(--htt-border);\n  border-left: 4px solid var(--htt-accent);\n  border-radius: var(--htt-radius-sm);\n  padding: 1.25rem 1.5rem;\n  margin: 2rem 0;\n}\n\n\/* Override: .htt-article h4 margin *\/\n.htt-future__actions h4 {\n  margin: 0 0 0.75rem;\n  font-size: 1rem;\n  font-weight: 700;\n  color: var(--htt-title);\n}\n\n\/* Override: .htt-article ul ha margin: 0 0 1.25rem 1.2rem *\/\n.htt-future__actions ul {\n  margin: 0;\n  padding-left: 1.25rem;\n}\n\n.htt-future__actions li {\n  font-size: 0.95rem;\n  line-height: 1.65;\n  margin-bottom: 0.4rem;\n  color: var(--htt-text);\n}\n\n.htt-future__actions li:last-child {\n  margin-bottom: 0;\n}\n\n\/* Responsive *\/\n@media (max-width: 768px) {\n  .htt-future__grid 
{\n    grid-template-columns: 1fr;\n  }\n}\n.htt-article__quote--blue {\n  position: relative;\n  margin: 36px 0 48px;\n  padding: 24px 26px 24px 42px;\n  border: 1px solid #e5e7eb;\n  border-left: 0;\n  border-radius: 18px;\n  background: #f8fafc;\n  box-shadow: 0 10px 30px rgba(15, 23, 42, 0.05);\n  overflow: hidden;\n}\n\n.htt-article__quote--blue::after {\n  content: \"\";\n  position: absolute;\n  top: 24px;\n  bottom: 24px;\n  left: 16px;\n  width: 14px;\n  border: 4px solid #2563eb;\n  border-right: 0;\n  border-radius: 999px 0 0 999px;\n  pointer-events: none;\n}\n\n.htt-article__quote--blue::before {\n  content: \"\";\n  display: none;\n}\n\n.htt-article__quote-text {\n  position: relative;\n  z-index: 1;\n  margin: 0 0 1rem;\n  font-size: clamp(1.15rem, 2vw, 1.45rem);\n  line-height: 1.65;\n  font-style: italic;\n  font-weight: 500;\n  color: #111827;\n}\n\n.htt-article__quote-author {\n  position: relative;\n  z-index: 1;\n  display: block;\n  font-size: 0.92rem;\n  font-style: normal;\n  font-weight: 700;\n  color: #2563eb;\n}\n\n@media (max-width: 768px) {\n  .htt-article__quote--blue {\n    padding: 1.5rem 1.3rem 1.5rem 2.3rem;\n    border-radius: 16px;\n  }\n\n  .htt-article__quote--blue::after {\n    top: 20px;\n    bottom: 20px;\n    left: 14px;\n    width: 12px;\n  }\n\n  .htt-article__quote-text {\n    font-size: 1.1rem;\n  }\n}\n<\/style>\n<\/style>\n\n<script data-wp-block-html=\"js\">\n<script type=\"application\/ld+json\">\n{\n  \"@context\": \"https:\/\/schema.org\",\n  \"@type\": \"FAQPage\",\n  \"inLanguage\": \"it-IT\",\n  \"mainEntityOfPage\": {\n    \"@type\": \"WebPage\",\n    \"@id\": \"https:\/\/www.htt.it\/password-sicure-2fa-guida-aziende\/\"\n  },\n  \"url\": \"https:\/\/www.htt.it\/password-sicure-2fa-guida-aziende\/\",\n  \"mainEntity\": [\n    {\n      \"@type\": \"Question\",\n      \"name\": \"Una password lunga \u00e8 pi\u00f9 importante di una password piena di simboli?\",\n      \"acceptedAnswer\": {\n        \"@type\": 
\"Answer\",\n        \"text\": \"In molti casi s\u00ec. La lunghezza incide moltissimo sulla robustezza complessiva. Una password lunga, unica e poco prevedibile \u00e8 spesso una scelta migliore di una password corta resa artificialmente complessa con qualche simbolo.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"Ha ancora senso cambiare password ogni mese?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"Non come regola automatica. Oggi ha pi\u00f9 senso cambiare password quando c\u2019\u00e8 evidenza di compromissione, un incidente, una revoca di accesso o una ragione concreta, non per semplice abitudine.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"La 2FA sostituisce una password forte?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"No. La 2FA non sostituisce una buona password: la rafforza. La protezione migliore nasce dall\u2019uso combinato di credenziali solide e di un secondo fattore di autenticazione.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"\u00c8 corretto usare un password manager anche in azienda?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"S\u00ec, anzi in molti casi \u00e8 la scelta pi\u00f9 sensata. Permette di gestire meglio password lunghe e uniche, ridurre il riuso, condividere accessi in modo controllato e aumentare l\u2019ordine operativo.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"Le regole tipo \u201cuna maiuscola, un numero e un simbolo\u201d bastano?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"No. Da sole non bastano. 
Possono aiutare in alcuni contesti, ma se diventano l\u2019unico criterio spingono spesso verso password prevedibili e variazioni banali di schemi gi\u00e0 noti.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"Che cosa sono le passkey?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"Le passkey sono credenziali digitali basate su crittografia che permettono di accedere a un servizio senza digitare una password. Sono pi\u00f9 resistenti al phishing perch\u00e9 funzionano solo sul dominio legittimo per cui sono state create.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"Qual \u00e8 la differenza tra 2FA e MFA?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"La 2FA richiede due fattori di autenticazione. La MFA \u00e8 un concetto pi\u00f9 ampio e indica l\u2019uso di due o pi\u00f9 fattori. In pratica, la 2FA \u00e8 una forma specifica di MFA.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"Gli SMS sono un buon metodo di autenticazione a due fattori?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"Gli SMS sono meglio di nessuna protezione, ma non sono il metodo pi\u00f9 sicuro. Possono essere vulnerabili a SIM swapping, intercettazioni e attacchi mirati. Dove possibile, meglio usare app TOTP, passkey o chiavi hardware.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"Cos\u2019\u00e8 la phishing resistant authentication?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"\u00c8 un modello di autenticazione progettato per resistere agli attacchi di phishing. 
Include soluzioni come passkey, FIDO2, WebAuthn e chiavi hardware, che impediscono l\u2019uso delle credenziali su siti fraudolenti.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"Un password manager aziendale \u00e8 sicuro?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"S\u00ec, se configurato correttamente. Un password manager aziendale consente di generare password robuste, controllare le condivisioni, revocare accessi, gestire ruoli e ridurre l\u2019uso di credenziali salvate in modo non sicuro.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"Che cosa significa passwordless authentication?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"La passwordless authentication \u00e8 un sistema di accesso che riduce o elimina l\u2019uso della password tradizionale. Pu\u00f2 basarsi su passkey, biometria, chiavi hardware o dispositivi gi\u00e0 registrati.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"Che rapporto c\u2019\u00e8 tra password, MFA e zero trust access?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"Password robuste, MFA e controllo continuo degli accessi sono elementi complementari. 
In a zero trust access model, every access is verified based on identity, device, context and level of risk.\"\n      }\n    }\n  ]\n}\n<\/script>\n\n\n\n<!-- SECTION -->\n<section  class=\"block-banner-mmet darksection\" style=\"\">\n    <div class=\"htt-container htt-talk-idea\">\n        <div class=\"htt-talk-idea--left\">\n            <p>Do you want to increase security when using passwords in your company?<\/p>\n        <\/div>\n        <div class=\"htt-talk-idea--right\">\n            <div class=\"htt-talk-idea--card\">\n                <h4>\ud83d\udc4b <br>Discuss it with                    Sandro!\n                <\/h4>\n                                        <div class=\"htt-talk-idea--person\">\n                            <div class=\"avatar\" style=\"background-image: url(https:\/\/www.htt.it\/wp-content\/uploads\/2023\/12\/avatar_sandro.webp)\"><\/div><p>Sandro Caneschi<span>Sandro Caneschi is CTO at HT&T Consulting. He holds a degree in Computer Science and has been working for over 15 years in the development of digital solutions and the technical management of complex projects, contributing to the agency\u2019s innovation and technological strength.<\/span><\/p>                        <\/div>\n                                                    <!-- <a class=\"htt-talk-idea--meet\" href=\"https:\/\/www.htt.it\/contatti\/\">Prenota un meet<\/a> -->\n                <a class=\"htt-talk-idea--meet\" href=\"https:\/\/www.htt.it\/contatti\/\">Book a meeting<\/a>\n            <\/div>\n        <\/div>\n    
<\/div>\n<\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":20,"featured_media":9338,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1,121],"tags":[923,312,271,94,922,924,930,927,928,929],"class_list":["post-9691","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-agency","category-best-practice-en","tag-2fa","tag-business-password-manager","tag-cybersecurity","tag-expertises-en","tag-mfa","tag-passkey","tag-password","tag-passwordless-authentication","tag-phishing-resistant-authentication","tag-zero-trust-access"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Secure passwords and 2FA: practical guide to protecting accounts .<\/title>\n<meta name=\"description\" content=\"Learn how to create secure passwords, use 2FA, passkeys and password managers to protect accounts, users and business systems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure passwords and 2FA: practical guide to protecting accounts\" \/>\n<meta property=\"og:description\" content=\"Learn how to create secure passwords, use 2FA, passkeys and password managers to protect accounts, users and business systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/\" \/>\n<meta property=\"og:site_name\" content=\"HT&amp;T Consulting\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/HttConsulting\" \/>\n<meta 
property=\"article:published_time\" content=\"2026-05-28T06:54:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-29T13:50:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.htt.it\/wp-content\/uploads\/2026\/05\/password-sicure.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1044\" \/>\n\t<meta property=\"og:image:height\" content=\"1044\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Massimiliano Baldocchi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@htt\" \/>\n<meta name=\"twitter:site\" content=\"@htt\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Massimiliano Baldocchi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/secure-passwords-2fa-practical-guide\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/secure-passwords-2fa-practical-guide\\\/\"},\"author\":{\"name\":\"Massimiliano Baldocchi\",\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/#\\\/schema\\\/person\\\/d097314406f9b8bb2bef7c594d83388c\"},\"headline\":\"Secure passwords and 2FA: practical 
guide\",\"datePublished\":\"2026-05-28T06:54:11+00:00\",\"dateModified\":\"2026-05-29T13:50:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/secure-passwords-2fa-practical-guide\\\/\"},\"wordCount\":6,\"publisher\":{\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/secure-passwords-2fa-practical-guide\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.htt.it\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/password-sicure.webp\",\"keywords\":[\"2FA\",\"business password manager\",\"Cybersecurity\",\"Expertises\",\"MFA\",\"passkey\",\"password\",\"passwordless authentication\",\"phishing resistant authentication\",\"zero trust access\"],\"articleSection\":[\"agency\",\"Best practice\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/secure-passwords-2fa-practical-guide\\\/\",\"url\":\"https:\\\/\\\/www.htt.it\\\/en\\\/secure-passwords-2fa-practical-guide\\\/\",\"name\":\"Secure passwords and 2FA: practical guide to protecting accounts\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/secure-passwords-2fa-practical-guide\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/secure-passwords-2fa-practical-guide\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.htt.it\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/password-sicure.webp\",\"datePublished\":\"2026-05-28T06:54:11+00:00\",\"dateModified\":\"2026-05-29T13:50:12+00:00\",\"description\":\"Learn how to create secure passwords, use 2FA, passkeys and password managers to protect accounts, users and business 
systems.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/secure-passwords-2fa-practical-guide\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.htt.it\\\/en\\\/secure-passwords-2fa-practical-guide\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/secure-passwords-2fa-practical-guide\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.htt.it\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/password-sicure.webp\",\"contentUrl\":\"https:\\\/\\\/www.htt.it\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/password-sicure.webp\",\"width\":1044,\"height\":1044,\"caption\":\"password sicure, guida per le aziende aggiornata\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/secure-passwords-2fa-practical-guide\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.htt.it\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure passwords and 2FA: practical guide\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.htt.it\\\/en\\\/\",\"name\":\"HT&T Consulting\",\"description\":\"Scale-up your digital business\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.htt.it\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.htt.it\\\/en\\\/#\\\/schema\\\/person\\\/d097314406f9b8bb2bef7c594d83388c\",\"name\":\"Massimiliano 
Baldocchi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ee74c8fcce5556dd1c917b477e84c173a025529c0ebe30126a3a3857209ac3f7?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ee74c8fcce5556dd1c917b477e84c173a025529c0ebe30126a3a3857209ac3f7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ee74c8fcce5556dd1c917b477e84c173a025529c0ebe30126a3a3857209ac3f7?s=96&d=mm&r=g\",\"caption\":\"Massimiliano Baldocchi\"},\"description\":\"Massimiliano Baldocchi \u00e8 CEO di HT&amp;T Consulting e da oltre 30 anni opera nel settore della comunicazione, del marketing e del digitale. Laureato in Informatica presso l'Universit\u00e0 di Pisa, coordina la visione strategica dell'agenzia accompagnando aziende e brand nella definizione di strategie integrate tra dati, creativit\u00e0 e tecnologia.\",\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/massimilianobaldocchi\\\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Secure passwords and 2FA: practical guide to protecting accounts .","description":"Learn how to create secure passwords, use 2FA, passkeys and password managers to protect accounts, users and business systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/","og_locale":"en_US","og_type":"article","og_title":"Secure passwords and 2FA: practical guide to protecting accounts","og_description":"Learn how to create secure passwords, use 2FA, passkeys and password managers to protect accounts, users and business systems.","og_url":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/","og_site_name":"HT&amp;T Consulting","article_publisher":"https:\/\/www.facebook.com\/HttConsulting","article_published_time":"2026-05-28T06:54:11+00:00","article_modified_time":"2026-05-29T13:50:12+00:00","og_image":[{"width":1044,"height":1044,"url":"https:\/\/www.htt.it\/wp-content\/uploads\/2026\/05\/password-sicure.webp","type":"image\/webp"}],"author":"Massimiliano Baldocchi","twitter_card":"summary_large_image","twitter_creator":"@htt","twitter_site":"@htt","twitter_misc":{"Written by":"Massimiliano Baldocchi","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/#article","isPartOf":{"@id":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/"},"author":{"name":"Massimiliano Baldocchi","@id":"https:\/\/www.htt.it\/en\/#\/schema\/person\/d097314406f9b8bb2bef7c594d83388c"},"headline":"Secure passwords and 2FA: practical guide","datePublished":"2026-05-28T06:54:11+00:00","dateModified":"2026-05-29T13:50:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/"},"wordCount":6,"publisher":{"@id":"https:\/\/www.htt.it\/en\/#organization"},"image":{"@id":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/#primaryimage"},"thumbnailUrl":"https:\/\/www.htt.it\/wp-content\/uploads\/2026\/05\/password-sicure.webp","keywords":["2FA","business password manager","Cybersecurity","Expertises","MFA","passkey","password","passwordless authentication","phishing resistant authentication","zero trust access"],"articleSection":["agency","Best practice"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/","url":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/","name":"Secure passwords and 2FA: practical guide to protecting accounts","isPartOf":{"@id":"https:\/\/www.htt.it\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/#primaryimage"},"image":{"@id":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/#primaryimage"},"thumbnailUrl":"https:\/\/www.htt.it\/wp-content\/uploads\/2026\/05\/password-sicure.webp","datePublished":"2026-05-28T06:54:11+00:00","dateModified":"2026-05-29T13:50:12+00:00","description":"Learn how to create secure passwords, use 2FA, passkeys and password managers to protect accounts, users and business 
systems.","breadcrumb":{"@id":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/#primaryimage","url":"https:\/\/www.htt.it\/wp-content\/uploads\/2026\/05\/password-sicure.webp","contentUrl":"https:\/\/www.htt.it\/wp-content\/uploads\/2026\/05\/password-sicure.webp","width":1044,"height":1044,"caption":"password sicure, guida per le aziende aggiornata"},{"@type":"BreadcrumbList","@id":"https:\/\/www.htt.it\/en\/secure-passwords-2fa-practical-guide\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.htt.it\/en\/"},{"@type":"ListItem","position":2,"name":"Secure passwords and 2FA: practical guide"}]},{"@type":"WebSite","@id":"https:\/\/www.htt.it\/en\/#website","url":"https:\/\/www.htt.it\/en\/","name":"HT&T Consulting","description":"Scale-up your digital business","publisher":{"@id":"https:\/\/www.htt.it\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.htt.it\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.htt.it\/en\/#\/schema\/person\/d097314406f9b8bb2bef7c594d83388c","name":"Massimiliano 
Baldocchi","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/ee74c8fcce5556dd1c917b477e84c173a025529c0ebe30126a3a3857209ac3f7?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/ee74c8fcce5556dd1c917b477e84c173a025529c0ebe30126a3a3857209ac3f7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ee74c8fcce5556dd1c917b477e84c173a025529c0ebe30126a3a3857209ac3f7?s=96&d=mm&r=g","caption":"Massimiliano Baldocchi"},"description":"Massimiliano Baldocchi \u00e8 CEO di HT&amp;T Consulting e da oltre 30 anni opera nel settore della comunicazione, del marketing e del digitale. Laureato in Informatica presso l'Universit\u00e0 di Pisa, coordina la visione strategica dell'agenzia accompagnando aziende e brand nella definizione di strategie integrate tra dati, creativit\u00e0 e tecnologia.","sameAs":["https:\/\/www.linkedin.com\/in\/massimilianobaldocchi\/"]}]}},"_links":{"self":[{"href":"https:\/\/www.htt.it\/en\/wp-json\/wp\/v2\/posts\/9691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.htt.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.htt.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.htt.it\/en\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.htt.it\/en\/wp-json\/wp\/v2\/comments?post=9691"}],"version-history":[{"count":2,"href":"https:\/\/www.htt.it\/en\/wp-json\/wp\/v2\/posts\/9691\/revisions"}],"predecessor-version":[{"id":9694,"href":"https:\/\/www.htt.it\/en\/wp-json\/wp\/v2\/posts\/9691\/revisions\/9694"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.htt.it\/en\/wp-json\/wp\/v2\/media\/9338"}],"wp:attachment":[{"href":"https:\/\/www.htt.it\/en\/wp-json\/wp\/v2\/media?parent=9691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.htt.it\/en\/wp-json\/wp\/v2\/categories?post=9691"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/w
ww.htt.it\/en\/wp-json\/wp\/v2\/tags?post=9691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}