Credential Stuffing & Variations on a Theme
I’ve often spoken in my training courses on the dangers of weak passwords, and reusing passwords across accounts. This recent article in The Guardian shows the danger exists even when you try to cleverly create a variation of your “usual” password.
Hackers obtain passwords and test them out on other websites – a practice known as credential stuffing – to see whether they can break into accounts.
But in some cases they do not just try the exact passwords from the hacked data: as well as credential stuffing, the fraudsters also attempt to access accounts with derivations of the hacked password.
— Password1: how scammers exploit variations of your logins, The Guardian newspaper
Remember that a computer can easily try thousands of different versions of your password in a very short space of time. That is why passwords must be unique, random, and at least 16 characters long. Only a password manager can help you with that.
If a password manager isn't something you feel you can use, then make sure to use the secure passphrase approach: instead of a 16+ character random password, type a collection of 4 or more words into the password field. Here is some guidance from the Australian Cyber Security Centre.
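To make the point concrete, here is an added example (not code from the article or The Guardian) of the kind of check a registration or password-change form can run on the defending side. It collapses a proposed password to its "base word" by undoing the decorations people add when asked to change a password (case, trailing digits and symbols, leet-speak substitutions) and rejects it if that base matches a previously breached password. The breached set is a small constructed sample; in practice it would be a breached-password corpus or a k-anonymity lookup service, and the substitution table is a deliberately simple assumption.

```python
import re

# Constructed sample of passwords known from earlier breaches. Not real breach data;
# in practice this would be a breached-password corpus or a k-anonymity lookup service.
BREACHED = {"Password1", "Summer2019", "letmein", "qwerty123"}

# Common character substitutions; assumed table, kept small for the demo.
LEET = str.maketrans("@$!0134", "asiolea")


def normalise(password: str) -> str:
    """Reduce a password to its 'base word' by stripping the decorations people
    typically add when forced to change a password: case, leading/trailing digits
    and symbols, and leet-speak substitutions."""
    s = password.lower()
    s = re.sub(r"[\d\W_]+$", "", s)   # trailing digits/symbols: Password1 -> password
    s = re.sub(r"^[\d\W_]+", "", s)   # leading digits/symbols: 2024!summer -> summer
    return s.translate(LEET)          # p@ssw0rd -> password


def is_trivial_variation(candidate: str, breached: set[str]) -> bool:
    """True if the candidate collapses to the same base word as a breached password
    (or its reversal), i.e. it is only a few mechanical steps away from a known one."""
    bases = {normalise(p) for p in breached}
    base = normalise(candidate)
    return base in bases or base[::-1] in bases


def check_new_password(candidate: str, breached: set[str], min_length: int = 16) -> list[str]:
    """Return the reasons a proposed password should be rejected (empty list = accept)."""
    reasons = []
    if len(candidate) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if is_trivial_variation(candidate, breached):
        reasons.append("trivial variation of a previously breached password")
    return reasons


if __name__ == "__main__":
    for pw in ["Password2!", "Summer2020", "P@ssw0rd", "1drowssaP", "correct horse battery staple"]:
        print(f"{pw!r}: {check_new_password(pw, BREACHED) or 'ok'}")
```

Note that "Password2!", "Summer2020" and "P@ssw0rd" all normalise to the same base as an entry in the breached set, which is exactly why the variations described in the article give no real protection; a genuinely random or passphrase-style password does not collapse to anything in the set.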
Changing your passwords to a passphrase is a great way to improve your cybersecurity.
A passphrase is made up of 4 or more random words, making it longer than a standard password. This makes them easy to remember but hard for someone to guess.
— Passphrases are the more secure version of passwords, Australian Cyber Security Centre
Of course, passphrases still have to be unique for each account, so maintaining this information can be tedious. However, it's vital to keep yourself secure.
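As an added illustration of the ACSC advice above (example code, not from the ACSC or the article), the following generates a passphrase from a word list using the operating system's cryptographic random source and estimates how much guessing work it represents. The 24-word list is a constructed stand-in; the entropy figures assume a real list of 7776 words, the size of the EFF long word list, and a 94-symbol printable-ASCII alphabet for the random-password comparison.

```python
import math
import secrets

# Constructed miniature word list for the demo. A real list such as the EFF long
# word list has 7776 words, which is the figure used in the entropy estimates below.
WORDS = ["anchor", "basket", "canyon", "dragon", "ember", "falcon", "garden", "harbor",
         "island", "jigsaw", "kettle", "lantern", "meadow", "nectar", "orbit", "pepper",
         "quartz", "river", "saddle", "timber", "uncle", "velvet", "walnut", "yonder"]

_rng = secrets.SystemRandom()  # CSPRNG; random.choice is not suitable for secrets


def generate_passphrase(words, count: int = 4, separator: str = " ") -> str:
    """Pick `count` words uniformly at random from `words`. Repeats are allowed;
    forbidding them would only shrink the number of possible passphrases."""
    if count < 4:
        raise ValueError("use at least 4 words")
    return separator.join(_rng.choice(words) for _ in range(count))


def passphrase_entropy_bits(list_size: int, count: int) -> float:
    """Entropy of `count` words drawn uniformly from a list of `list_size` words."""
    return count * math.log2(list_size)


def random_password_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a random character password (e.g. 94 printable ASCII symbols)."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of words from a `list_size` list giving at least `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("example passphrase:", generate_passphrase(WORDS, 4))
    print("4 words from 7776:", round(passphrase_entropy_bits(7776, 4), 1), "bits")
    print("16 random printable chars:", round(random_password_entropy_bits(94, 16), 1), "bits")
    print("words needed for 80 bits:", words_needed(80, 7776))
```

Four words from a 7776-word list come to roughly 52 bits, well short of a 16-character random password at roughly 105 bits, so the "or more" in the ACSC quote matters: with the same list, seven words are needed to reach 80 bits. The strength comes entirely from the words being chosen at random; a favourite quotation or song lyric is a single guess, not a passphrase.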
The quotes above have links that provide more information.
If you need help creating passphrases, the website Use a Passphrase can be a great help. Write the passphrases down carefully in a dedicated notebook; A5 size is better so that the longer passphrases will fit.
Handy Tip: Get a notebook with grid or graph-style ruling to make it easier to write the characters separately.
P.S. What do you think of this new communication tool? Here is a handy “Leave a Comment” button.