With each passing day, it seems that more and more breaches of personal data get reported on the news, affecting a variety of companies and organizations such as Uber, Reddit, HSBC, and more. It may therefore come as no surprise that online security for businesses must become more sophisticated as the attacks become more complex. This is especially true when countering the automated attack method known as credential stuffing.
What is Credential Stuffing?
Credential stuffing is a form of cyberattack that uses stolen usernames and/or email addresses, together with their associated passwords, to try to get into other accounts owned by the same user. It is carried out automatically and on a large scale: the attacker takes the user's known credentials and “stuffs” them into other websites to try to gain access. The data can also be shuffled into different pairings and “stuffed” into these same websites until the attacker is given access to the new account. This is possible because people often reuse their usernames and passwords across at least two sites.
How to Prevent Credential Stuffing
There are many known methods for preventing this type of cyberattack, including:
- Using bot detection methods such as CAPTCHA
- Setting up strong password complexity rules including unique characters, symbols, and password length
- Using multi-factor authentication
- Setting up password-less authentication
- Using risk-based authentication
Protecting yourself from unwanted attacks starts with following some of the methods above. A good starting point is to require multi-factor authentication for access to your company data, or to use a password manager that generates and saves a strong, unique password for each of your accounts. For greater and more customized protection for your organization, however, consulting a professional is recommended.
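Bot detection and risk-based authentication both depend on spotting the automated, many-accounts pattern that defines credential stuffing. The following is an added example, not part of the original article: it flags source addresses that try many different usernames within a short window and mostly fail. The log format, thresholds and function name are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: (timestamp, source IP, username, outcome).
# IPs come from documentation ranges; usernames are made up.
SAMPLE_EVENTS = (
    # One source cycling through six accounts in 30 seconds, one reused password works.
    [(f"2024-01-01T10:00:{i * 5:02d}", "203.0.113.7", f"user{i}", "fail") for i in range(5)]
    + [("2024-01-01T10:00:30", "203.0.113.7", "user5", "ok")]
    # Shared office address: many users, but every login succeeds.
    + [(f"2024-01-01T09:00:{i * 10:02d}", "192.0.2.50", f"staff{i}", "ok") for i in range(5)]
    # One person mistyping their own password once.
    + [("2024-01-01T11:00:00", "198.51.100.20", "bob", "fail"),
       ("2024-01-01T11:00:20", "198.51.100.20", "bob", "ok")]
)

def flag_stuffing_sources(events, window=timedelta(minutes=5),
                          min_users=5, max_success_ratio=0.2):
    """Return {ip: (distinct_users, success_ratio)} for sources that attempt
    many different accounts inside one sliding window and mostly fail."""
    by_ip = defaultdict(list)
    for ts, ip, user, outcome in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, outcome == "ok"))

    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            users = {user for _, user, _ in span}
            ratio = sum(ok for _, _, ok in span) / len(span)
            # Many accounts alone is not enough (shared NAT); require low success too.
            if len(users) >= min_users and ratio <= max_success_ratio:
                if ip not in flagged or len(users) > flagged[ip][0]:
                    flagged[ip] = (len(users), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    for ip, (users, ratio) in flag_stuffing_sources(SAMPLE_EVENTS).items():
        print(f"{ip}: {users} distinct accounts tried, success ratio {ratio}")
```

A flagged source is a candidate for a CAPTCHA challenge or a step-up to multi-factor authentication rather than an outright block, since the thresholds here are illustrative and need tuning against real traffic.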
Contact us at Resilient IT to make sure your business is securely set up for success during the pandemic and will continue to be protected well into the future.