Data breaches are becoming more sophisticated every year, largely as a result of the methods criminals use to obtain the login details needed to breach an account. As awareness of malware and phishing techniques rises amongst organizations and individual users, cybercriminals are turning to new ways of gaining access to accounts. One such method is credential stuffing, which is becoming a significant problem for network security teams. This article will explore credential stuffing, why you need to worry about it, and some of the various credential stuffing protection strategies.
What it is
What is credential stuffing?
Why it matters
Why is credential stuffing important?
How it works
How do credential stuffing attacks work?
How to prevent credential stuffing
While credential stuffing is a legitimate cause for concern for individuals and organizations, the good news is that there are many reliable credential stuffing protection strategies. Here are some of the most common and effective to defend against credential stuffing attacks.
Multi-factor authentication requires users to validate their login through a secondary method. It could be a previously set security question or a secondary device like a smartphone. While MFA is not 100% foolproof, typically, the potential hacker won’t have access to this information or device, so they won’t be able to authenticate the login and gain access.
Blacklist suspicious IP addresses
You may opt to block or ban IP addresses that engage in suspicious behavior, like trying to log into multiple accounts.
Adopt stricter login practices
Organizations often prevent their users from using commonly re-used login credentials. For example, people typically use their email as a username across multiple platforms online, so prohibiting that practice reduces the likelihood of a successful credential stuffing attack.
Monitor activity and look out for red flags
By monitoring the traffic in your network, you can detect suspicious or abnormal activity and take steps to learn how to prevent credential stuffing. One example is logging multiple login attempts from extremely different geographical locations in a short space of time.
Place a limit on failed login requests
Limiting the number of failed login attempts for each account can be an effective way to slow down or prevent credential stuffing attacks. For example, if a user fails to log in three times consecutively, they can be blocked for another hour and then sent an email address to alert the account owner.
(Further reading: Credential harvesting: Is it too big of an attack or can you fight back?)
For an even stricter approach, you can freeze the account after a certain number of failed attempts and require the user to re-activate it in person.
An organization can use specific software or websites to check if a user’s login details have been featured in databases of compromised credentials, such as those shared on the dark web. If there is a match, you can alert the user so they can change their details. As a part of good security hygiene, users can and should do this themselves for both work and personal login credentials.
(Further reading: 7 ways to defend against a credential stuffing attack).
We can help you take control of your security with cybersecurity solutions and services
Threats like credential stuffing can keep you up at night, but with the right security measures in place, they can easily be prevented and mitigated. Learn more how to keep your security as tight as possible., Cybersecurity consulting services to endpoint security and threat detection and response can help you detect and respond to threats before they impact your business.
Password security tips and best practices for enterprises
Endpoint Security and working from home
Your feedback will help us to improve AT&T Business so you continue to have a great experience when visiting us!
This survey is conducted by an independent company ForeSee for AT&T.