Keeping clients' computers safe and profitable for over 30 years




 

Credential stuffing

Article for: All
Difficulty: Easy
Importance: Important


Databases of billions of username / password combinations exist. These are readily available to miscreants on the dark web. Credential stuffing is the large-scale, automated attempt to match leaked usernames and passwords to hundreds of potential sites.

The attackers have scripts which contain hundreds of websites and millions of username / password pairs. They release botnets on those sites, trying the username / password pairs to gain more information that can be used against those users. They will also try variations on the passwords, so for the password 'Fishing12' they might also try 'Fishing13' and 'Fishing122'.

It is surprising what they can put together if they have hacked into 3 or 4 of your accounts.

Many websites hassle us with captchas to slow down or stop these bots. But your only protection is to never repeat a password or use a variation of a previous one. In general, you want to avoid having to type in passwords: have strong random passwords generated for you by your password safe, and let it fill in the passwords for you.

My recommended password safe is KeePass.
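To make the "no repeats, no variations" rule concrete, here is an added example (not part of the original article) that checks whether a proposed new password is just a tweak of one you used before. The function names, the 2-edit threshold and the sample passwords are assumptions made for illustration, and it assumes you have your old passwords at hand locally.

```python
import re

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def stem(password: str) -> str:
    """Lower-case the password and drop the trailing digits/symbols people bump."""
    return re.sub(r"[^a-z]+$", "", password.lower())

def is_variation(candidate: str, previous: str, max_edits: int = 2) -> bool:
    """True if candidate repeats previous or is only a small tweak of it."""
    c, p = candidate.lower(), previous.lower()
    if c == p:
        return True                                     # outright reuse
    if len(stem(c)) >= 4 and stem(c) == stem(p):
        return True                                     # same word, new suffix
    return edit_distance(c, p) <= max_edits             # a few characters changed

def resembles(candidate: str, history: list[str]) -> list[str]:
    """Return every old password the candidate is too close to."""
    return [old for old in history if is_variation(candidate, old)]

# Constructed sample history, not real credentials.
OLD_PASSWORDS = ["Fishing12", "Summer2018!"]

if __name__ == "__main__":
    for new in ["Fishing13", "Fishing122", "summer2019", "q7V!mZr2#Lp9xT"]:
        hits = resembles(new, OLD_PASSWORDS)
        verdict = f"too close to {hits}" if hits else "ok"
        print(f"{new!r}: {verdict}")
```

Only the random, generated-style password passes; every "bumped" version of an old password is flagged.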

Further Reading

Wikipedia article on Credential Stuffing




Date: May 2019


This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

 
 