#31
|
|||
|
|||
Quote:
"Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. This is a subset of the brute force attack category: large numbers of spilled credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes." People tend to think of attacks like this as directly targeting them. Everyone is being targeting. You only lose if your online behavior, weak password or password reuse even partials, is susceptible to these attacks. |
#32
|
||||
|
||||
any recs for a password manager from someone in the industry?
Quote:
__________________
Be the Reason Others Succeed |
#33
|
|||
|
|||
Any good system shouldn’t be particularly vulnerable to credential stuffing and brute force attacks. It should detect that and insert delays or completely reject the requests after a small number of guesses.
Those attacks work well if the hacker has already breached the system and dumped databases and the database is storing passwords in a poor or well known way. “Capture the password file” is a great first step in any kind of breach so of course a look work goes into making that hard. |
#34
|
|||
|
|||
Just wanted to reiterate what has been said (and is just as important as using strong passwords):
Use different passwords on every account. Last edited by VeloceNiente; 04-20-2024 at 04:04 PM. |
#35
|
||||
|
||||
Quote:
|
#36
|
|||
|
|||
You must mean every account. Every login would be nuts.
|
#37
|
|||
|
|||
I meant the noun form of ‘login’, but ‘account’ is clearer. Edited.
|
#38
|
||||
|
||||
funny enough, after reading this thread I went and changed my BoA credit card password to a random one from the Apple/Chrome extension password generator.. went for a ride, came back and just got a text that my card had a charge that had been declined for suspicious activity.. coincidence I'm sure, but just a little funny.. went through the process to get two charges taken off and and new card and changed my password once again.. I assume it was from a skimmer or something similar and not an account hack..
__________________
Be the Reason Others Succeed |
#39
|
|||
|
|||
Help request from the more informed--If you have to be the home IT guy for the family (read: wife) and pick a secure but easy to manage option for phone/computer (Apple based) system, would you choose 1password vs Bitwarden vs going all in on Apple Keychain/iCloud? Or any other options to consider?
|
#40
|
|||
|
|||
Quote:
I would never use a public computer for any of my password protected accounts. I would never put personal information on a personal computer. |
|
|