• Burton Kelso, The Technology Expert

How to Protect Yourself from Credential Stuffing Attacks



Cybercriminals have a 'never die' attitude when it comes to getting your information and money which means there will always be new threats on the horizon that you should worry about. Credential Stuffing is affecting consumers and businesses alike and I'm sure you're wondering just what the heck that is. Well, credential stuffing occurs when cyber criminals obtain your online credentials that have leaked onto the dark web. Then they use automated bots to 'stuff' your credentials into the login pages on multiple websites to unlock your online accounts. Years of data breaches and the average person using week passwords has provided a way for criminals to easily get access to your online accounts. How can you keep safe?  Check out these tips:


1. Don't use the same passwords on your online accounts. Cybercriminals know that people use the same passwords for all of their online accounts and are slow to change passwords which is why if they get the password for one account, they will use it on all of your web accounts including sensitive ones like your bank and other financial accounts.  If you have different passwords for your online accounts this means if criminals get access to one account, it means they won't get to the rest of your online accounts. 


2. Change your passwords on a regular basis or just create strong passwords  When criminals get access to your online credentials that have been leaked, the information is usually a few months old, sometimes older.  If you get into the habit of changing your passwords on a regular basis, it prevents criminals from using those old passwords to log into your accounts. Now the school of thought on the frequency varies from tech expert to tech expert. The common rule is every 3 months, but I feel if you create a strong password, you don't have to worry about changing your passwords. There are other things that prevent you from worrying about changing passwords such as .....


3. Do the Two-Step.  Two-step authentication is a great way to protect your online accounts.  Most web-based accounts now have this feature.  When you set up two-step authentication, you will get an alert sent to your smartphone whenever there is an unknown login into your online accounts. You have to confirm from our smartphone to give access to your account.  It can be a pain in the but having two sign-ins, but it's better than having someone access your critical information.


4. Find out if you've been hacked.  There are a variety of websites that allow you to see if your information has been compromised.  One of the more popular sites is www.haveibeenpwned.com  This web site allows you to see if your web account login email has been part of a large scale breach or if the information is leaked on the dark web.  Another site you can look at is www.fightingidentitycrimes.com.  This site allows you to look at web breaches that go all the way back to 2012 to see if any company you have done business with has been part of a breach.  If they have, the site gives steps of what you can do to protect your information and identity.


5. Use a password manager.  A password manager works in making sure you can keep track of all of those different passwords for your online accounts, as well as helping you create stronger passwords for your accounts and monitor the dark web to see if any password you are currently using can be accessed by cybercriminals. One of the more popular password managers is LastPass (www.lastpass.com). Lastpass keeps all of your passwords in a vault which allows you to automatically log in to all of your online accounts, create secure passwords for your accounts, and will even scan the dark web to see if any of your passwords have been leaked there. If you don't want to use another program, you can configure your favorite web browser (Safari, Chrome, Opera, Firefox, and Edge) to do the same things that Lastpass does. Credential stuffing is easy to perform, so its popularity with criminals will increase with time. Even if your business isn’t affected yet, you must protect your website and watch for all the red flags listed in this blog. 


Credential stuffing is an easy process for cyber criminals, so don't expect it to go away anytime soon. Always remember that 99% of cybercrime requires user interaction and relies on consumers and businesses to be lax in their cybersecurity methods. Make sure you're always keeping up with your passwords for all of your accounts and keep up with the cybersecurity for your home and business.


Looking for More Useful Tips Tips?

My Tuesday Tech Tips Blog is released every Tuesday. If you like video tips, I LIVE STREAM new episodes of 'Computer and Tech Tips for Non-Tech People' every Wednesday at 6:00 pm CST on Facebook, Instagram, LinkedIn, and Twitter. Technology product reviews are posted every Thursday. You can view previous episodes on my YouTube channel.


Click this link to sign-up and subscribe and you will receive every tip directly in your inbox each week.


Want to ask me a tech question? Send it to burton@burtonkelso.com. I love technology. I've read all of the manuals and I'm serious about making technology fun and easy to use for everyone. 


Need computer or technology help? If you need on-site or remote tech support for your Windows\Macintosh, computers, laptops, Android/Apple smartphone, tablets, printers, routers, smart home devices, and anything that connects to the Internet, please feel free to contact my team at Integral. Our team of friendly tech experts organization can help you with any IT needs you might have. Reach out to us a www.callintegralnow.com or phone at 888.256.0829. 


Please share this with your friends and family! If you found this post useful, would you mind helping me out by sharing it? Just click one of the handy social media sharing buttons below.



0 views
 
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram
  • YouTube
  • Pinterest

©2020 by Burton Kelso