Credential stuffing

Article for: All
Importance: Important

Databases of billions of username / password combinations exist. These are readily available to miscreants on the dark web. Credential stuffing is the large-scale, automated attempt to match leaked usernames and passwords to hundreds of potential sites.

The attackers have scripts which contain hundreds of websites and millions of username / password pairs. They release botnets on those sites, trying the username / password pairs to gain more information that can be used against those users. They will also try variations on the passwords, so for the password 'Fishing12' they might also try 'Fishing13' and 'Fishing122'.

It is surprising what they can put together if they have hacked into 3 or 4 of your accounts.

Many websites hassle us with captchas to slow down or stop these bots. But your only protection is to never repeat a password or use a variation on a previous one. In general, you want to avoid having to type in passwords by having strong random passwords generated for you by your password safe, and letting it fill in the passwords for you.

My recommended password safe is KeePass.
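To see why 'Fishing13' offers no protection once 'Fishing12' has leaked, here is a small local check that flags a new password as a repeat or near-variation of an old one. It is an example added to this article, not part of the original; the function names and the two-edit threshold are assumptions chosen for illustration.

```python
import re

def stem(password: str) -> str:
    """Lowercase and strip trailing digits/symbols, the part people usually tweak."""
    return re.sub(r"[\W\d_]+$", "", password.lower())

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def is_variation(old: str, new: str, max_edits: int = 2) -> bool:
    """True when `new` repeats `old` or is only a small tweak of it.

    max_edits=2 is an assumed threshold, not a standard value.
    """
    if old == new:
        return True
    s_old, s_new = stem(old), stem(new)
    if s_old and s_old == s_new:      # same word, different trailing digits
        return True
    return edit_distance(old.lower(), new.lower()) <= max_edits

def reused_or_varied(candidate: str, previous: list[str]) -> list[str]:
    """Return every earlier password that `candidate` repeats or resembles."""
    return [p for p in previous if is_variation(p, candidate)]

if __name__ == "__main__":
    # 'Fishing12' comes from the article; the other values are constructed samples.
    old_passwords = ["Fishing12", "Hunter7!"]
    for new in ["Fishing13", "Fishing122", "q7#Lw2vR!xTz"]:
        hits = reused_or_varied(new, old_passwords)
        print(new, "-> too close to", hits if hits else "nothing, OK")
```

A randomly generated password from a password safe passes this check by construction, because it shares no stem with anything you have used before.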

Further Reading

Wikipedia article on Credential Stuffing

Date: May 2019

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
