Credential stuffing: the dangers of reusing passwords
Our passwords are essential to protecting all the different online services we use: from bank accounts to streaming and delivery apps.
As the number of our online accounts and services increases, we tend to use the same password for several websites, in the hopes of making things easier to remember. And it is precisely this practice that makes the credential stuffing scam possible, and so dangerous.
The dangers of using the same password for several accounts
Imagine that, unfortunately, one of your passwords becomes public due to a data leak. Which is worse and riskier: having a single account jeopardized and being forced to change only one password, or seeing several accounts at risk and struggling to recall which services were linked to the leaked password?
The answer is pretty obvious, right? This seemingly innocent and highly common practice of reusing passwords can cause a lot of problems, not to mention severe financial loss.
In the following sections of this article, you’ll gain a better idea of how credential stuffing works and how you can use unique passwords without having to rely on memory alone to recall them.
What credential stuffing is and how it works
Credential stuffing is a type of attack based precisely on the fact that people often reuse the same password. In this scam, criminals gather leaked personal data, such as usernames and e-mails with corresponding passwords. Using automation tools, they try these credentials on a series of online services. As such, if the leaked password is used for several services, the damage caused by these criminals can be substantial, since they gain access to all of these accounts.
And it’s not only compromised bank accounts that can lead to financial loss. Even though many of the accounts accessed don’t hold money that can be stolen, most online services store financial data, such as credit card numbers, which criminals can then use for future purchases while pretending to be the victim.
As such, all of our online accounts deserve care and close attention.
How to protect yourself from credential stuffing
You can avoid credential stuffing without having to rely solely on your memory. Follow the tips below to keep your accounts safe against this type of attack.
- Suggested passwords
Most services, such as social networks and streaming platforms, offer a unique password suggestion at the time of signing up. It is highly recommended that you follow this suggestion. And so that you don’t have to remember the password, you can use a password manager!
- Password manager
Whether or not you accept the password suggested by online services, a password manager is a major ally when it comes to using unique and secure passwords! Password managers are applications that store your login data for each account. With one, you have a safe method to store passwords and will never need to repeat access data for more than one account.
- Two-factor authentication
Two-factor or multi-factor authentication adds an extra layer of protection to your accounts. Practically all online services offer this option in your account setup or privacy settings. As such, even if criminals gain access to your login credentials, they’ll be blocked.
By following these tips, the chances of falling victim to credential stuffing are a lot lower.
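To see how much password reuse you currently have, and which accounts to change first if one password leaks, the added example below audits a password-manager export. It is not part of the original article; the CSV column names (name, username, password) and the sample accounts are constructed assumptions, so adjust them to your manager's export format.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample: a password-manager CSV export with hypothetical columns.
SAMPLE_EXPORT = """name,username,password
bank.example,ana@example.com,Sunflower!2019
stream.example,ana@example.com,Sunflower!2019
delivery.example,ana,Sunflower!2019
mail.example,ana@example.com,q7#Vd-unique-one
forum.example,ana_s,winter-reuse
shop.example,ana@example.com,winter-reuse
"""

def _fingerprint(password: str, key: bytes) -> str:
    # Keyed hash so passwords are grouped without being kept in clear text.
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()

def reuse_clusters(export_csv: str) -> list[list[str]]:
    """Return groups of account names that share one password, largest first."""
    key = secrets.token_bytes(32)  # per-run key; fingerprints are useless afterwards
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_csv)):
        groups[_fingerprint(row["password"], key)].append(row["name"])
    clusters = [sorted(names) for names in groups.values() if len(names) > 1]
    return sorted(clusters, key=lambda c: (-len(c), c))

def accounts_exposed_by(export_csv: str, leaked_password: str) -> list[str]:
    """Accounts whose password must be changed if `leaked_password` leaks."""
    key = secrets.token_bytes(32)
    target = _fingerprint(leaked_password, key)
    return sorted(
        row["name"]
        for row in csv.DictReader(io.StringIO(export_csv))
        if hmac.compare_digest(_fingerprint(row["password"], key), target)
    )

if __name__ == "__main__":
    for cluster in reuse_clusters(SAMPLE_EXPORT):
        print(f"{len(cluster)} accounts share one password: {', '.join(cluster)}")
    print("Change first:", accounts_exposed_by(SAMPLE_EXPORT, "Sunflower!2019"))
```

Run it on a local copy of the export and delete that file afterwards, since it contains every password in plain text.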
Article originally written in Portuguese by Perallis Security Content Team: Credential stuffing: os perigos da reutilização de senhas — Perallis Security