It's a very interesting area, and it continues to be challenging. There's a usability trade-off versus security.
I remember an IT security manager in a large corporation telling me about a policy he implemented before there were password managers, going back maybe a decade. He implemented a policy of robust passwords so that everybody couldn't use their household pet or their birthplace and so on. Then he found that despite having this enforced policy, everybody was writing their passwords down because there was no way they could otherwise remember them, so it was kind of counterproductive.
I have one final question, and then I'm going to share time with my colleague. I think there's a website called haveyoubeenhacked.com or haveibeenhacked—something like that—which basically records known breaches. If your data and any of your platforms or other third party apps or sites are in the cloud and are compromised, you can do a search for yourself or for your details and pull it back.
Is there any way to remedy that? I ran it recently, and I think there were four different sites that had been compromised that my details were on. If that happens on your platforms, how do you do that? How do you mitigate that? Do you just inform the users? Do you reach out, or do you try to wipe that data set and start again? What happens there?