Essential cookies only โ€” Cookie Policy.

About Trusty Password

Anti-phishing credential guidance for individuals, teams, and organisations. Written by a practitioner with direct experience in security awareness training.

Mission

Phishing and credential stuffing together cause the majority of account takeovers. Both are preventable with two complementary habits: unique generated passwords, and verification before entering credentials anywhere. This site teaches both simultaneously.

Trusty Password was built around an observation from years of security awareness work: most advice tells people what not to do but not how to verify the alternative. "Don't click links" is good advice โ€” "here are the 5 specific things to check before entering credentials anywhere" is useful guidance.

The Phishing-Aware Credential Guard combines a strong password generator with a live verification checklist โ€” so users generate a good password and develop the habit of using it on the right site.

About the Author

Sophie Laurent is a cybersecurity awareness trainer who has designed and delivered security awareness programmes for FTSE 250 companies, NHS trusts, and public sector organisations across the UK. Her programmes specialise in translating technical threat intelligence into practical behavioural guidance that non-technical employees can actually apply.

Sophie has led phishing simulation campaigns, developed bespoke anti-phishing training curricula, and delivered workshops on credential hygiene, MFA adoption, and incident response for organisations subject to ISO 27001, Cyber Essentials Plus, and NHS DSP Toolkit requirements.

Expertise areas

  • Phishing and spear phishing awareness training
  • Fake login page detection and URL verification
  • FIDO2/WebAuthn phishing-resistant MFA โ€” design and advocacy
  • Credential stuffing and password hygiene
  • Incident response training for credential compromise
  • NCSC Active Cyber Defence, CISA Phishing-Resistant MFA, NIST SP 800-63B

Trust Signals

โœ…NCSC & CISA aligned

All guidance follows NCSC phishing guidance and CISA phishing-resistant MFA recommendations.

๐Ÿ”’Client-side CSPRNG

All generation uses crypto.getRandomValues(). Zero transmission. No passwords stored.

๐Ÿ“ŠPrimary sources only

Claims cite NCSC, CISA, NIST SP 800-63B, Verizon DBIR, or academic research.

๐Ÿ‡ฌ๐Ÿ‡งUK operated

Kokal Operations Ltd, England & Wales. UK GDPR compliant.

Editorial Standards

All claims cite primary sources: NCSC, CISA, NIST SP 800-63B 2025, Verizon DBIR, and peer-reviewed security research. The Am I Safe? protocol and MFA comparison table are derived from NCSC login verification guidance and CISA's Implementing Phishing-Resistant MFA factsheet. This site does not constitute professional security advice for your specific organisation's environment.

Organisation Details

Operated by: Kokal Operations Ltd, England and Wales
Website: trustypassword.com
Founded: 2026
Contact: [email protected]
Report phishing: [email protected]
Privacy: Privacy Policy (UK GDPR compliant)