Data breaches have ruined businesses in many ways. Hackers and criminals use many techniques to cause a security breach, including credential stuffing. For the uninitiated, credential stuffing means using previously collected login credentials to break into other services and accounts. The data used for credential stuffing can be obtained from the dark web or from a recent data breach. While credential stuffing is a matter of concern, it isn’t an easy thing for hackers to pull off. Some really basic measures go a long way in preventing it.
Use unique passwords
Credential stuffing only works when many accounts and devices of the same user share the same password. If you use a different, unique password for each account, this wouldn’t happen in the first place. So, what is a good password? Make sure that:
- The password is at least 12 characters long
- The password has at least one special character
- The password has uppercase and lowercase letters
- The password has numbers
- The password doesn’t have any personal/company information
It is understandable that your employees may not be able to handle a lot of passwords, and that’s where a password manager should be recommended. Password managers, especially the advanced ones, are great for professional use.
Use a web application firewall (WAF)
A good web application firewall (WAF) will help in finding traffic that’s coming from botnets. WAFs have been effective in many cases at identifying suspicious login attempts, especially when these attempts become apparent and too frequent in a short time.
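The kind of check described above can be sketched as follows. This is an added example, not part of the original article or any particular WAF product: it flags a source that fails logins against many different accounts in a short window, while ignoring one user mistyping their own password. The event format, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample events: (epoch_seconds, source_ip, username, success)
SAMPLE_EVENTS = [
    (1000, "198.51.100.7", "alice", False),
    (1002, "198.51.100.7", "bob", False),
    (1003, "203.0.113.9", "carol", False),   # one user retrying: not stuffing
    (1004, "198.51.100.7", "dave", False),
    (1005, "203.0.113.9", "carol", False),
    (1006, "198.51.100.7", "erin", False),
    (1008, "198.51.100.7", "frank", True),   # reused password worked
    (1009, "203.0.113.9", "carol", True),
    (1200, "192.0.2.44", "gina", False),
]

def detect_stuffing(events, window_s=60, min_users=4):
    """Flag sources with failed logins against >= min_users distinct
    accounts inside a sliding window of window_s seconds.

    Returns {ip: {"targeted": [...], "succeeded": [...]}}; accounts under
    "succeeded" logged in from a flagged source and need a password reset.
    """
    recent = defaultdict(deque)    # ip -> failures still inside the window
    targeted = defaultdict(set)    # ip -> accounts hit while over threshold
    for ts, ip, user, ok in sorted(events):
        if ok:
            continue
        window = recent[ip]
        window.append((ts, user))
        # Drop failures that have aged out of the sliding window.
        while window and window[0][0] < ts - window_s:
            window.popleft()
        users = {u for _, u in window}
        if len(users) >= min_users:
            targeted[ip] |= users
    report = {}
    for ip, users in targeted.items():
        hits = sorted({u for _, src, u, ok in events if ok and src == ip})
        report[ip] = {"targeted": sorted(users), "succeeded": hits}
    return report

if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_EVENTS).items():
        print(ip, info)
```

Counting distinct usernames rather than raw failures is what separates this pattern from an ordinary forgotten password.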
Use multi-factor authentication (MFA)
Another important and useful way to avoid credential stuffing is to use multi-factor authentication (MFA). This means adding a second or third layer of protection on top of the standard strong password. Even if hackers manage to get access to employee credentials and login information, they wouldn’t be able to bypass the further steps. That extra step could sometimes be that one important security question, or a one-time password or PIN.
Final word
Don’t shy away from seeking help on cybersecurity when it comes to handling threats like credential stuffing that concern your business. Also, let your employees know what this kind of breach may mean, so that they take the step to create strong passwords. It doesn’t take a lot to prevent credential stuffing, and while this kind of threat is not that prevalent anymore, all it takes is to be a tad more proactive with password management.