This talk discusses the state-of-the-art with password security, credential stuffing attacks and the development of Pwned Passwords (including how Cloudflare products like Workers helped scale the project and the anonymity approach used).