Cybersecurity Awareness: Credential Stuffing

October 29th, 2020

Along with the holiday season comes the downside of an increase in fraud and other cyber activity. And criminals will be stuffing more than just the Thanksgiving bird.

Many things have changed this year, including our online habits. We are signing up for online food and grocery delivery, and moving to a mostly digital footprint for our common errands. Unfortunately, in our effort to change, we may not have addressed how we are connecting to these online resources.

Hackers are taking groups of usernames and passwords that have been leaked via online breaches at stores, social media and large companies, and trying them against logins for other online services. This type of attack is called credential stuffing, and it is on the rise. The FBI released a report stating that nearly 50,000 account compromises have been reported since 2017, which can be attributed to credential stuffing.

Here is how you can protect yourself and your online identity against this growing threat:

  • Create complex passwords. The most commonly used passwords are still “password”, “password1”, and “12345678”. Use a password generator to auto-generate a complex password, or create one using numbers, letters, and special characters. Need help? Write down one of your favorite quotes or affirmations and then replace various letters with a number or special character. In some cases you can use a space as well. Example: Carpe Diem! => !K@rp3 D13m! (12 characters counting the space!)
  • Use a different and unique password for every online resource. This is the key to stopping credential stuffing. If you use a password for Facebook and only for Facebook, then if Facebook is hacked the criminals can try your username and password elsewhere online, but that won’t work because your password was only used for that one social media platform.
  • Get a password manager. A password manager is a software solution that securely manages all those logins and passwords you create to access online services. The password manager encrypts your sensitive data to keep it safe from hackers. A popular password manager today is LastPass, which offers different pricing models for individual and family use, and the solution works on a desktop, in a browser, and on a mobile device. You are never without your passwords, and they are secure.
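To check your own logins against the first two points, here is a small audit script. It is an added example, not part of the original article: it reads a password list exported as CSV and reports which sites share a password and which use one of the three common passwords named above. The column names (site, username, password) and the sample entries are assumptions made up for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample: a password list exported as CSV (site, username, password).
SAMPLE_EXPORT = """site,username,password
facebook.example,pat@example.com,!K@rp3 D13m!
shop.example,pat@example.com,Summer2020
grocery.example,pat@example.com,Summer2020
bank.example,pat@example.com,password1
forum.example,pat@example.com,Summer2020
"""

# The three most commonly used passwords named in the article.
COMMON = {"password", "password1", "12345678"}


def _fingerprint(password):
    # Group by hash so the report never holds plaintext passwords.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit(export_text):
    """Return (groups of sites sharing a password, sites using a common one)."""
    by_password = defaultdict(list)
    common_sites = []
    for row in csv.DictReader(io.StringIO(export_text)):
        by_password[_fingerprint(row["password"])].append(row["site"])
        if row["password"].lower() in COMMON:
            common_sites.append(row["site"])
    reuse = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    return reuse, sorted(common_sites)


def exposed_if_breached(export_text, breached_site):
    """Other sites that share a password with breached_site."""
    reuse, _ = audit(export_text)
    for group in reuse:
        if breached_site in group:
            return [s for s in group if s != breached_site]
    return []


if __name__ == "__main__":
    reuse, common = audit(SAMPLE_EXPORT)
    print("Sites sharing a password:", reuse)
    print("Sites using a common password:", common)
    print("At risk if shop.example leaks:", exposed_if_breached(SAMPLE_EXPORT, "shop.example"))
```

In the sample, a leak at shop.example also exposes the grocery and forum accounts, while the Facebook account with its own unique password is unaffected by any other site's breach.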

Following these steps will allow you to breathe a little easier and keep you in better control of your online identity.

Do your part. #BeCyberSmart.
