Single factor authentication often the larger the target the quicker the compromise.
Find a page were login credentials are requested.
1. search-engine-manipulation (to find login pages and usernames)
using a companies name google search to try and discover there e-mail structure as this is commonly used as a username. i.e search @compnies-choosen-name.com (the .com can be replaced by any country in scope parameter .jp, .fr so on)
The results should show users internal email address i.e email@example.com
username = mark.exsample or firstname.lastname@example.org
(50% of authentication complete)
After this search again using the found users e-mail address email@example.com and look for any social network accounts and any other information. Befriending is common try and learn there partners names, dob, pets names.
Create the password file using this found information.
(100% of authentication complete)