Video: Credential stuffing

  • Transcript

    [Electronic music playing]

    From online banking, shopping and gaming

    to joining unique communities,

    you need to create an account

    to do just about anything these days.

    And with so many accounts to manage, it might be tempting

    to reuse the same credentials for each one.

    Credentials confirm your identity

    with a username or password to access your accounts.

    But reusing your credentials puts you at risk

    of cyberattacks like credential stuffing.

    "Credential stuffing" might sound complicated,

    or like a tasty Thanksgiving side dish,

    but it's straightforward.

    In a credential stuffing attack, cybercriminals

    use stolen credentials from one website and use them

    to gain access to your accounts on other sites.

    Once they have access, cybercriminals can

    change your password,

    steal your personal information,

    and make unwanted purchases with

    your credit card information.

    So how can you prevent a credential stuffing attack?

    Use a unique password or passphrase for each account.

    That way, if your credentials for one account are stolen,

    a cybercriminal can't use them to access your other accounts.
     

    If you find all those passwords difficult to remember,

    you can use a password manager to store them safely.

    You should also enable multi-factor authentication,

    also known as MFA, where possible.

    MFA adds an extra layer of security to your accounts by

    making you prove your identity to log in,

    like sending a code to your phone or e-mail

    or using facial recognition.

    If you suspect one of your accounts has been compromised,

    change your password or passphrase immediately.

    Then check your credit card and bank accounts

    for any suspicious activity.

    Using unique passwords or passphrases

    for all your accounts may seem like a pain,

    but it's worth it to protect your sensitive information.

    Visit GetCyberSafe.ca to learn more about staying safe online.
