The SolarWinds security fiasco, which Microsoft president Brad Smith described as “the largest and most sophisticated attack the world has ever seen,” may have begun, suggested former SolarWinds CEO Kevin Thompson when an intern first set an important password to “‘solarwinds123” and then shared it on GitHub. That was bad. Worse was a company that ever allowed an intern to set such a password. It’s time, well past time, to say good-bye to simple passwords and move to two-factor authentication (2FA) for all our security and Identity and Access Management (IAM) needs.