Special programs now enable hackers to crack user-password combinations on a large scale. MFA (Multi-Factor Authentication) blocks the attack, but does not solve the real problem: reconciling data protection with user-friendliness.
Cyber risk grows as companies offer more digital services to customers and employees. Hackers are particularly interested in tapping large amounts of user data, for example to make illegal online purchases.
Credential stuffing attacks will become one of the biggest challenges for businesses in 2020 when it comes to the digital security of user data.
In this context, the term “credential stuffing” means a type of hacking that uses various methods to test stolen user-password combinations in order to abuse user accounts (e.g. for web shops or online banking). Attackers try to gain access to user accounts, partly automatically, via botnets.
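Seen from the defender's side, testing stolen combinations shows up in login records as one source failing against many different accounts in a short time. The following added example (not part of the original article) flags that pattern; the event format, the five-minute window and the threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login events: (ISO timestamp, source IP, username, success).
SAMPLE_EVENTS = [
    ("2020-01-15T10:00:01", "203.0.113.7", "alice", False),
    ("2020-01-15T10:00:03", "203.0.113.7", "bob", False),
    ("2020-01-15T10:00:04", "198.51.100.20", "gina", False),
    ("2020-01-15T10:00:06", "203.0.113.7", "carol", False),
    ("2020-01-15T10:00:09", "203.0.113.7", "dave", False),
    ("2020-01-15T10:00:11", "198.51.100.20", "gina", False),
    ("2020-01-15T10:00:12", "203.0.113.7", "erin", False),
    ("2020-01-15T10:00:15", "203.0.113.7", "frank", True),
    ("2020-01-15T10:00:20", "198.51.100.20", "gina", True),
]

WINDOW = timedelta(minutes=5)  # assumed sliding-window length
MAX_DISTINCT_USERS = 4         # assumed threshold; tune to real traffic


def detect_stuffing(events, window=WINDOW, max_users=MAX_DISTINCT_USERS):
    """Flag sources whose failed logins hit more than max_users distinct
    accounts within one window, and list accounts they logged into."""
    failures = defaultdict(deque)  # ip -> recent (time, username) failures
    targets = defaultdict(set)     # flagged ip -> usernames it failed against
    successes = defaultdict(set)   # ip -> usernames with a successful login
    for ts, ip, user, ok in sorted(events):
        if ok:
            successes[ip].add(user)
            continue
        now = datetime.fromisoformat(ts)
        recent = failures[ip]
        recent.append((now, user))
        while now - recent[0][0] > window:  # drop failures outside the window
            recent.popleft()
        distinct = {u for _, u in recent}
        if len(distinct) > max_users:
            targets[ip] |= distinct
    return {ip: {"targets": sorted(targets[ip]),
                 "review": sorted(successes[ip])} for ip in targets}


if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_EVENTS).items():
        print(ip, "failed against", info["targets"], "review:", info["review"])
```

Accounts listed under "review" had a successful login from a flagged source and are candidates for a password reset. Because botnets spread attempts over many sources, a per-source count like this is only one signal.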
Credentials are often insufficiently complex
Another factor is that many users are rather careless with their passwords and their digital identities as a whole. The tapping of login data with bots is hardly noticed by those affected.
According to a recent Google study, 59 percent of all users use the same password for multiple accounts. It is exactly this behavior that attackers exploit in credential stuffing. In 2019 alone, this method accounted for 29 percent of all data breaches, and the trend is rising.
Multifactor authentication helps
Not all companies use multifactor authentication. An MFA-protected account can only be hacked with a lot of time and effort, since a device is always required. MFA would make such an attack on a large scale almost impossible. The added security is often tedious for customers to set up, which is why many do not.
Reconciling data security and usability
The art of effectively countering credential stuffing is to protect user accounts over the long term without risking the user-friendliness of a service.