What is a Credential Stuffing Attack?
Credential stuffing is a type of cyberattack in which stolen account credentials are used to gain unauthorized access to user accounts through large-scale automated login requests, directed against a web application. Commonly pulled from a data breach, the stolen account credentials are most commonly lists of usernames and/or email addresses with corresponding passwords. Credential stuffing attackers simply automate the logins for a large number (thousands to millions) of previously discovered credential pairs using standard web automation tools.
Credential stuffing attacks are possible because many users reuse the same username/password combination across multiple websites. Despite the low success rate, advances in bot technology also makes credential stuffing a viable attack.
Best Ways to Prevent Credential Stuffing Attack
1. Avoid using the same password for multiple websites
FUTX recommends that users create a unique password for their FUTX accounts. Users can also opt to use a less popular email service provider or dedicate a separate email address for their FUTX account to increase the security level.
2. Create a strong password for your FUTX account
Avoid using simple, adjacent keyboard combinations such as “123456” or “111111”, or any other easily accessible information such as names and birthdays as your password. Instead, use a combination of upper and lower case letters as well as numbers and special characters to give your password an extra layer of protection.
3. Change your password regularly
Ideally, you should change your password on a regular basis. Best practices recommend that users change their passwords every two months.
4. Activate multi-factor authentication
Besides creating a strong password, FUTX strongly recommends that users set up Google (2fa) Authentication for their accounts.