Taking the ‘stuff’ out of credential stuffing

Marketers can help secure accounts with multi-factor authentication, as attackers are likely to activate it themselves and make it difficult to recover from a takeover.

We are only human. You've heard the phrase before, right? "We are only human" is a phrase that can easily be applied to universal mistakes and failures, emphasizing how our temporary existence generally does not live up to expectations. Read another way, there is only so much we can do. And that's exactly what cybercriminals depend on to make their lives easier. Consider the following: how often do you use the same email address or username and password to log into different sites? I thought so. All of us do. This is a common practice, given the number of times we access our work, social networks, shops, and other digital goods during the day (not to mention phones). I would like to ask another question: how many of you use the same four-digit PIN to unlock your mobile phone and to access your bank account? I rest my case.

What is credential stuffing?

The internet reaches into every corner of our lives: banking, shopping, food delivery, communications, webinars, video calls, and more, especially in the age of COVID-19. As you know, each of these activities requires a login. Like a good cook, who will use every part of an animal (even the bones) to make a rich sauce, criminals use all the data they extract from one breach to carry out the next attack. A lot of information about users is harvested, and not just credit cards to buy illegal products or pay for services; usernames and passwords are often used to automatically log in to other websites and platforms. This is a credential stuffing attack in its simplest and most basic form.

Credentials do not have to be used by whoever stole them. There are markets on the dark web that regularly traffic in stolen credentials. Remember the cooking analogy: this stolen data is carved up and sold repeatedly, because everything has value on the dark web. Beyond their resale value, the credentials depend on a bad actor exploiting them to create more chaos and destruction, leading to compromises on other platforms, always leading to identity theft and possibly worse.

Account takeovers

We all agree that identity theft is a plague on the internet, a shared resource that we now consider indispensable. However, identity theft isn't the only thing hackers can do. When attackers took over the Twitter account of the Spanish football club FC Barcelona, they sent fake tweets from it. Similar attacks were carried out on State Farm and Dunkin' Donuts. Verizon's most recent breach report found that 80% of hacking-related breaches involve brute force or the use of lost or stolen credentials (e.g., credential stuffing). The Open Web Application Security Project classifies credential stuffing as a subset of brute force attacks. The difference is that a brute force attack doesn't use context and just tries to guess the password and credentials. These are also called dictionary attacks. With credential stuffing, however, known combinations of usernames and passwords are used, which makes the process much more targeted and more likely to succeed.
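The distinction drawn above between guessing and replaying known credentials is visible in login logs, and a defender can use it to tell the two apart. The sketch below is an added example, not part of the original article: the events, IP addresses and thresholds are constructed, and it assumes each campaign arrives from a single source IP (real campaigns are often spread across many).

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, succeeded)
SAMPLE_EVENTS = (
    # 203.0.113.7 replays one leaked pair per account: many users, one try each
    [("203.0.113.7", f"user{i}@example.com", i == 4) for i in range(8)]
    # 198.51.100.9 hammers a single account with guessed passwords
    + [("198.51.100.9", "admin@example.com", False) for _ in range(8)]
    # 192.0.2.15 is an ordinary user who mistypes once
    + [("192.0.2.15", "alice@example.com", False),
       ("192.0.2.15", "alice@example.com", True)]
)

def classify_sources(events, min_attempts=6, max_tries_per_user=2):
    """Label each source IP by the shape of its login attempts.

    Thresholds are illustrative assumptions, not tuned values.
    """
    per_ip = defaultdict(lambda: defaultdict(int))  # ip -> user -> attempts
    successes = defaultdict(set)                    # ip -> users logged in
    for ip, user, ok in events:
        per_ip[ip][user] += 1
        if ok:
            successes[ip].add(user)

    report = {}
    for ip, users in per_ip.items():
        total = sum(users.values())
        busiest = max(users.values())
        if total < min_attempts:
            label = "normal"
        elif len(users) >= min_attempts and busiest <= max_tries_per_user:
            # Wide and shallow: known pairs replayed across many accounts
            label = "credential_stuffing"
        elif busiest >= min_attempts:
            # Narrow and deep: repeated guessing against one account
            label = "brute_force"
        else:
            label = "suspicious"
        report[ip] = {"label": label, "accounts": len(users),
                      "attempts": total,
                      "successful_logins": sorted(successes[ip])}
    return report

if __name__ == "__main__":
    for ip, row in classify_sources(SAMPLE_EVENTS).items():
        print(ip, row)
```

Any account listed under `successful_logins` for a source labelled `credential_stuffing` is a candidate for a forced password reset and session revocation.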

Do you feel uncomfortable? 

You should. I don't want to underestimate the importance of identity theft – it's difficult and can take months to fix. I know, I had to do this for my wife's bills. However, account takeover can have significant consequences too – imagine an attacker gaining access to a government official's personal email account. Think about the information and secrets they would find, and the damage they could cause by sending emails as that government official.

Protecting our shared infrastructure begins with the knowledge that we are all our own CISOs and, therefore, responsible for protecting every account we use from attack. And guess what? The marketing team can help, because this is about your brand and your business – marketers are the custodians of the brand experience for a specific product or service in the industry. Everyone, including marketers, plays an important role in ensuring prosperity.

Basic cybersecurity for marketers

Now that we have agreed that we need to get better at our personal cybersecurity in order to properly protect the businesses we manage, we need to talk about how to make this happen.

• Do not use the same login name and password on different websites; use a different password for each site, even where the login name is the same. If one of the passwords is compromised, it is highly unlikely that other accounts will be compromised as a result.

• Use strong passwords. And yes, your pet’s name is not a strong password, even if you only use capital letters and put an exclamation mark at the end. Wait, I just gave you my password!

• Use a password manager. At the start of this article, I talked about how fallible we all are and how difficult it is to be human in a digital world. It's true. Remembering that many passwords is next to impossible unless you have a photographic memory.

• Change passwords as much as possible. This is just good password hygiene. If you've been using the same simple password on a website for ten years, it's time to update it and get in the habit of changing it from time to time. The more critical the website (such as your bank's website), the more often you will need to update and change your password. For those who work in businesses with a strict password policy that requires an update every 30, 60, or 90 days, this is done for a reason. It's not just about making your life more difficult, but also about making your business a safer place. Take it as a cue and adapt it to your own life. It also applies to the customer experience that your e-commerce programs and stores offer your customers.

Ask your customers to choose long and complex passwords with special characters, numbers, and capital letters.

Ask your customers to change their password at least once a year, if not more often, or if they have not been logged in for a long time.

• The most effective way to protect your accounts is to use Multi-Factor Authentication (MFA). Multi-factor authentication uses a secondary device to log in to an online account, such as receiving a text on a mobile phone when you try to log in, or opening an authentication application that provides a code to log in to the website. According to Microsoft, using MFA blocks 99.9% of attacks! According to a recent article by cybersecurity reporter Brian Krebs, attackers are likely to turn MFA on themselves and prevent recovery. Yes, it is an extra step, but it can reduce an attacker's access to your platform or, worse, to the customer experience on your platform or service.

For all the joy the Internet offers us, it can cause just as much fear and pain, if not more, when our critical relationships fall into the hands of criminals. It's important to think about how simple our online lives can be if we take the necessary precautions to protect our identity and essential belongings. Because I guarantee you, the bad guys are constantly watching our defenses – that's how it works.

Marketers can help build good habits by insisting that their sites require things like MFA and complex passwords that differ from site to site. As we develop the e-commerce experience, we can all develop our security habits for things like email and banking. We are all creatures of habit: it is time to commit to greater safety.
