Credential stuffing

Article for: All
Difficulty: Easy
Importance: Important

Databases of billions of username / password combinations exist. These are readily available to miscreants on the dark web. Credential stuffing is the large-scale, automated attempt to match leaked usernames and passwords to hundreds of potential sites.
The attackers have scripts which contain hundreds of websites and millions of username / password pairs. They release botnets on those sites, trying the username / password pairs to gain more information that can be used against those users. They will also try variations on the passwords, so for the password 'Fishing12' they might also try 'Fishing13' and 'Fishing122'.
It is surprising what they can put together if they have hacked into 3 or 4 of your accounts.
Many websites hassle us with captchas to slow down or stop these bots. But your only protection is to never repeat your password or use a variation on a previous one. In general, you want to avoid having to type in passwords by having strong random passwords generated for you by your password safe, and letting it fill in the passwords for you.
My recommended password safe is KeePass.
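The rule above, turned into a check (an added example, not part of the original article): it flags a new password that repeats an earlier one or only tweaks it, the way 'Fishing13' tweaks 'Fishing12'. The function names, the two-edit threshold and the sample passwords other than the 'Fishing' ones are assumptions made for illustration.

```python
import re

def base_word(password: str) -> str:
    """Lower-case and strip a trailing run of digits/symbols: 'Fishing12' -> 'fishing'."""
    return re.sub(r"[\W\d_]+$", "", password.lower())

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def is_variation(new: str, old: str, max_edits: int = 2) -> bool:
    """True if `new` is identical to `old` or only a small tweak of it."""
    if new == old:
        return True
    # Same word with a different number or symbol tail.
    root_new, root_old = base_word(new), base_word(old)
    if len(root_old) >= 4 and root_new == root_old:
        return True
    # A couple of characters changed anywhere (threshold is an assumption).
    return edit_distance(new.lower(), old.lower()) <= max_edits

def reused_or_varied(new: str, previous: list[str]) -> list[str]:
    """Return the earlier passwords that `new` repeats or varies."""
    return [old for old in previous if is_variation(new, old)]

if __name__ == "__main__":
    # Constructed sample history; only the 'Fishing' values come from the article.
    history = ["Fishing12", "Tr0ub4dor&3"]
    for candidate in ["Fishing13", "Fishing122", "fishing!2020", "q7#Lm2vX!pRz9w"]:
        hits = reused_or_varied(candidate, history)
        print(candidate, "-> too close to", hits if hits else "nothing")
```

Only the last candidate, a random string of the kind a password safe generates, passes the check.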
Further Reading
Wikipedia article on Credential Stuffing
Date: May 2019
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.