With the rise of genAI, it's time to follow Apple's Security Recommendations
www.computerworld.com
Apple's Safari browser has a really useful password management feature, which is now also available as a standalone app called Passwords. If you've ever taken a look at it, you may have seen a section called Security Recommendations, where you'll find a collection of all the accounts and passwords that might have been compromised.

If you haven't already, it's time to take that list seriously, because generative AI (genAI) adoption means the scale and nature of the threats posed by stolen passwords and broken IDs is about to grow far greater. Armed with stolen emails and passwords, criminals find it relatively easy to throw those credentials at the most popular online services.

If they know you, they know you

They do this already, of course. If an email address and password you still use is now being sold on the dark web (for about $10 a collection), it's a no-brainer for attackers to try the same pair on a range of different services; this is credential stuffing. Sometimes they get lucky.

What genAI adds is efficiency: the same attackers can plough through far more of these credentials far more swiftly, trundling through huge collections of stolen accounts and passwords in a fraction of the time. Stolen credentials were the big attack vector last year, according to Verizon, featuring in around 80% of the attacks it analyzed. There are around 15 billion compromised credentials available online.

The vast majority of these are useless, which means credential stuffing attacks may not generate much of a success rate. When they do succeed, most victims learn from the experience and secure everything pretty quickly, so only a very small fraction of that 15 billion is truly exploitable. All the same, from time to time attackers get lucky, and getting lucky now and then is what makes that corner of the account-takeover industry tick.

Money in the middle

These attacks generate millions of dollars of losses every year.
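The pattern described above, one source trying many different stolen username/password pairs and almost always failing, is what a defender can detect. The following is an added example, not code from the Computerworld article or from Apple: a small credential-stuffing detector run over constructed authentication log lines. The log format (timestamp, source IP, username, FAIL/SUCCESS) and the thresholds are assumptions; adapt the parser to your identity provider's events.

```python
"""Credential-stuffing detector over constructed authentication logs.

Added example; the log format and thresholds are assumptions, not any
vendor's real schema. Heuristic: within a short window, one source IP
attempts many *distinct* usernames and nearly all attempts fail. A single
user retrying their own password touches few usernames and is not flagged.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 sprays leaked pairs across ten accounts
# and gets lucky once; 198.51.100.4 is a real user who mistypes once.
SAMPLE_LOG = """\
2025-03-01T10:00:01Z 203.0.113.7 alice@example.com FAIL
2025-03-01T10:00:02Z 203.0.113.7 bob@example.com FAIL
2025-03-01T10:00:02Z 203.0.113.7 carol@example.com FAIL
2025-03-01T10:00:03Z 203.0.113.7 dave@example.com FAIL
2025-03-01T10:00:04Z 203.0.113.7 erin@example.com SUCCESS
2025-03-01T10:00:05Z 203.0.113.7 frank@example.com FAIL
2025-03-01T10:00:05Z 203.0.113.7 grace@example.com FAIL
2025-03-01T10:00:06Z 203.0.113.7 heidi@example.com FAIL
2025-03-01T10:00:06Z 203.0.113.7 ivan@example.com FAIL
2025-03-01T10:00:07Z 203.0.113.7 judy@example.com FAIL
2025-03-01T10:03:10Z 198.51.100.4 alice@example.com FAIL
2025-03-01T10:03:25Z 198.51.100.4 alice@example.com SUCCESS
"""


@dataclass
class Event:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse(log: str) -> list[Event]:
    """Parse the assumed whitespace-separated format into Event records."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        # fromisoformat() accepts an explicit offset on every Python 3 version
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(Event(when, ip, user, result == "SUCCESS"))
    return events


def detect_stuffing(events: list[Event],
                    window: timedelta = timedelta(minutes=5),
                    min_users: int = 5,
                    max_success_rate: float = 0.2) -> dict[str, dict]:
    """Return {source_ip: report} for sources that look like credential stuffing.

    The report for an IP covers the widest qualifying window seen and lists
    any usernames that succeeded from it: those accounts should be treated
    as compromised, since the stuffed password evidently worked.
    """
    by_ip: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)

    reports: dict[str, dict] = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it fits
            while evs[end].ts - evs[start].ts > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {e.user for e in chunk}
            hits = sorted({e.user for e in chunk if e.ok})
            rate = len(hits) / len(chunk)
            if len(users) >= min_users and rate <= max_success_rate:
                reports[ip] = {
                    "attempts": len(chunk),
                    "distinct_users": len(users),
                    "compromised": hits,
                }
    return reports


if __name__ == "__main__":
    for ip, report in detect_stuffing(parse(SAMPLE_LOG)).items():
        print(ip, report)
```

The success-rate ceiling matters as much as the username count: a stuffing run is, by the article's own description, mostly misses, so a source with many distinct usernames and a high success rate is more likely a shared NAT address than an attack. Tune both thresholds against your own baseline before alerting on them.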
With billions of people on the planet, there's probably another fool coming along in a minute or two, and you don't want it to be you. That's why you should spend a little time auditing Apple's Security Recommendations regularly: you don't want a service that happens to hold your personal, payment, health, or other valuable data to be abused.

That's true for everyone, but enterprise users face a dual challenge. We all know that employees (business owners included) are, and always will be, the biggest security weakness in the system; the phishing industry has evolved to exploit this. The same tendency is equally threatening when it comes to account IDs, and together the two pose a double-whammy threat once empowered by AI. How many company-related accounts have slipped, and to what extent do these two vulnerabilities work together?

If someone at Iworkatthisbusiness.com foolishly used their work email and complex work password to secure their access to trivialbuthackedwebsite.com, how long might it be until someone figures that out and tries the same pair against your corporate systems?

Phisherman's blues

These attacks don't even need to be that smart; the leaked data can simply be analyzed for personal patterns that help craft super-effective phishing attacks against specific targets. Really sophisticated attackers could turn to a little agentic AI to gather any available social media data on the people they designate as ripe for attack, helping them create really effective phishing emails: spear AI, as it may one day be called.

Artificial intelligence will help with all of this. It is really good at identifying patterns in disparate data sets, and analyzing the data that has already been exfiltrated into the world will be a relatively trivial task; it all comes down to the questions the machines are asked to answer. Attackers can even use the patterns in a person's leaked passwords to predict the passwords that person is likely to have chosen elsewhere, narrowing a brute-force attack to a handful of guesses.
I could go on.

Passwords are not the only fruit, of course. If you are wise you'll be using 2FA and/or passkeys on all your most important websites, and certainly to protect any with access to your financial details or payment information. Passkeys in particular give credential stuffing nothing to work with: the site stores only a public key, so there is no reusable secret to steal and replay. Along with different forms of biometric ID, the industry is shifting to adopt more resilient access control systems, though, of course, subverting those systems is just a new challenge in the cat-and-mouse security game. Only recently, we learned of a new AI attack designed to compromise Google Chrome's Password Manager, and there will be more attacks of this kind. That's even before you consider the significance of attacks made against enterprise AI in their own right.

Death to security complacency

The main takeaway is this: act on the warnings given to you by Apple's Security Recommendations tool. Don't reuse passwords anywhere. Use a password manager and other forms of security, such as 2FA, and be very wary of an email from a trusted source that contains a link to something that sounds like it was made for you; chances are, it was.

Most of all, I want you to check the credentials that have been leaked, change them, close accounts, and delete payment information from any service you don't intend to use again. As a person or an enterprise, you certainly need to build a response plan for what to do if an account is compromised, or suspected to be compromised; security training, even for your most experienced employees, is almost certainly going to be of value. And never, ever use one of those leaked passwords again.

Alternatively, ignore Safari's friendly warning and leave yourself open to having your genuine account credentials sold online for up to $45 a time. Why not take the time to secure your accounts? The tools are right there in your browser. What are you waiting for?

You can follow me on social media! Join me on BlueSky, LinkedIn, and Mastodon.
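The audit the article asks for, reused passwords, a work email guarding a throwaway site, and passwords already sitting in a breach corpus, can be run against a password-manager export on your own machine. The following is an added example and is not Apple's code or the article's: it reads a constructed CSV export, and checks passwords against a constructed breach corpus using the k-anonymity range-query pattern (send the first five hex characters of the SHA-1, compare the returned suffixes locally) that the Have I Been Pwned Pwned Passwords API uses. The column names follow Safari's CSV export (Title, URL, Username, Password, Notes, OTPAuth) and are an assumption; the breach corpus, counts and domain names are constructed.

```python
"""Audit a password-manager CSV export for the three findings the article
describes. Added example, not Apple's implementation. The Safari column
layout, the breach corpus and its counts are assumptions/constructed data.
"""
import csv
import hashlib
import io
from collections import defaultdict
from urllib.parse import urlparse

# Constructed export in the assumed Safari layout. The two work-domain rows
# recreate the article's "work password on trivialbuthackedwebsite.com" case.
EXPORT_CSV = """\
Title,URL,Username,Password,Notes,OTPAuth
Corporate SSO,https://sso.iworkatthisbusiness.com,jo@iworkatthisbusiness.com,Tr0ub4dor&3,,
Forum,https://trivialbuthackedwebsite.com,jo@iworkatthisbusiness.com,Tr0ub4dor&3,,
Bank,https://bank.example,jo.personal@example.net,correct-horse-battery-staple,,
Shop,https://shop.example,jo.personal@example.net,password123,,
"""

WORK_DOMAIN = "iworkatthisbusiness.com"

# Constructed stand-in for a breach corpus: upper-case SHA-1 of a leaked
# password -> how often it was seen. A real deployment queries a range API
# or a local copy of the corpus instead.
BREACHED = {
    hashlib.sha1(p.encode()).hexdigest().upper(): n
    for p, n in [("password123", 126927), ("Tr0ub4dor&3", 42)]
}


def range_lookup(prefix5: str) -> dict[str, int]:
    """Stand-in for the k-anonymity range query: the client sends only the
    first five hex chars of the hash and gets back every suffix sharing
    that prefix, so the server never learns which password was checked."""
    return {h[5:]: n for h, n in BREACHED.items() if h.startswith(prefix5)}


def pwned_count(password: str) -> int:
    """Return how many times `password` appears in the corpus (0 if absent)."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return range_lookup(digest[:5]).get(digest[5:], 0)


def audit(export_csv: str, work_domain: str) -> dict[str, list]:
    rows = list(csv.DictReader(io.StringIO(export_csv)))
    findings: dict[str, list] = {"reused": [], "work_email_offsite": [], "leaked": []}

    # 1. the same password guarding more than one site
    by_password: dict[str, list[str]] = defaultdict(list)
    for r in rows:
        by_password[r["Password"]].append(r["Title"])
    for titles in by_password.values():
        if len(titles) > 1:
            findings["reused"].append(sorted(titles))

    for r in rows:
        host = (urlparse(r["URL"]).hostname or "").lower()
        user_domain = r["Username"].rpartition("@")[2].lower()
        # 2. work identity used on a site outside the work domain
        on_work_site = host == work_domain or host.endswith("." + work_domain)
        if user_domain == work_domain and not on_work_site:
            findings["work_email_offsite"].append(r["Title"])
        # 3. password present in the breach corpus
        n = pwned_count(r["Password"])
        if n:
            findings["leaked"].append((r["Title"], n))
    return findings


if __name__ == "__main__":
    for kind, items in audit(EXPORT_CSV, WORK_DOMAIN).items():
        print(f"{kind}: {items}")
```

The point of the prefix lookup is that a reused or leaked password never leaves the device in checkable form; a lookup service sees only a five-character prefix that matches hundreds of unrelated hashes. Run against a real export, delete the file afterwards, since it holds every password in the clear.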