5 Matching Annotations
  1. Mar 2023
  2. blog.cmpxchg8b.com blog.cmpxchg8b.com
    You don’t need SMS-2FA.
    2
    1. TylerRick 23 Mar 2023
      You are currently allowing your users to choose their own password, and many of them are using the same password they use on other services. There is no other possible way your users are vulnerable to credential stuffing.
      security: credential stuffing good point
    2. TylerRick 23 Mar 2023
      t’s important to emphasise that if you don’t reuse passwords, you are literally immune to credential stuffing.
      security: credential stuffing passwords: don't reuse passwords
    Visit annotations in context

    Tags

    Annotators

    URL

    blog.cmpxchg8b.com/2020/07/you-dont-need-sms-2fa.html
  3. Apr 2020
  4. www.csoonline.com www.csoonline.com
    1.4B stolen passwords are free for the taking: What we know now
    2
    1. TylerRick 21 Apr 2020
      Credential stuffing is a serious attack vector that is underrated because of its unintuitive nature
      security: credential stuffing
    2. TylerRick 21 Apr 2020
      Defending against credential stuffing attacks
      security: credential stuffing
    Visit annotations in context

    Tags

    Annotators

    URL

    csoonline.com/article/3266607/1-4b-stolen-passwords-are-free-for-the-taking-what-we-know-now.html
  5. www.troyhunt.com www.troyhunt.com
    The 773 Million Record "Collection #1" Data Breach
    1
    1. TylerRick 21 Apr 2020
      Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts.
      security: credential stuffing
    Visit annotations in context

    Tags

    Annotators

    URL

    troyhunt.com/the-773-million-record-collection-1-data-reach/