Credential stuffing

 Article for:All 

		Difficulty:Easy 

		Importance: Important 

Databases of billions of username / password combinations exist. These are readily available to miscreants on the dark web. Credential stuffing is the large-scale, automated attempt to match leaked usernames and passwords to hundreds of potential sites.

They have scripts which contain hundreds of websites and millions of username /password pairs. They release botnets on those sites trying the username / password pairs to gain more information that can be used against those users. They will also try variations on the passwords, so the password 'Fishing12' might also try 'Fishing13' and 'Fishing122'.

It is surprising what they can put together if they have hacked into 3 or 4 of your accounts.

Many websites hassle us with captchas, to slow down or stop these bots. But, your only protection is to never repeat your password or do a variation on a previous one. In general, you want to avoid having to type in passwords by having strong random passwords generated for you by your password safe, and letting it fill in the passwords for you.

My recommended password safe is Keepass.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Credential stuffing Article for:All Difficulty:Easy Importance: Important Databases of billions of username / password combinations exist. These are readily available to miscreants on the dark web. Credential stuffing is the large-scale, automated attempt to match leaked usernames and passwords to hundreds of potential sites. They have scripts which contain hundreds of websites and millions of username /password pairs. They release botnets on those sites trying the username / password pairs to gain more information that can be used against those users. They will also try variations on the passwords, so the password 'Fishing12' might also try 'Fishing13' and 'Fishing122'. It is surprising what they can put together if they have hacked into 3 or 4 of your accounts. Many websites hassle us with captchas, to slow down or stop these bots. But, your only protection is to never repeat your password or do a variation on a previous one. In general, you want to avoid having to type in passwords by having strong random passwords generated for you by your password safe, and letting it fill in the passwords for you. My recommended password safe is Keepass. Further Reading Wikipedia article on Credential Stuffing Date: May 2019 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk

Keeping clients' computers safe and profitable for over 30 years

Credential stuffing

Further Reading