When cybercriminals hack an account, they can do a lot of harm. However, the damage is not always limited to an online service. How to protect yourself against credential stuffing.
Hanover (dpa / tmn) - If you want to protect your accounts, you should be creative and use a different password for each service. The technology magazine "c't" advises this in its current issue (12/20). Otherwise cybercriminals have an easy job.
If users use only one password for different services, criminals can spy out the access data and use it for all accounts. The operators of the online services often do not even notice this, since the fraudsters use the access data of a normal user.
Common defense mechanisms fail
The captured login data often serve as the basis for further attacks; experts then speak of credential stuffing. The fraudsters often use botnets, which let them enter the login data from any number of IP addresses.
Common defense mechanisms often fail as a result. According to "c't", this does not release the operator of a service from their responsibility. Operators should at least try to track down and block such attacks. After all, more and more services are offering two-factor authentication. According to "c't", this is good protection against access by strangers to your own account.
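The following added example (not from "c't" or the original article) shows why a per-IP failure limit misses a login run spread across a botnet, and how an operator can still spot it by counting distinct failing accounts per time window. The log format, function names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample events: (unix_time, source_ip, username, success)
def sample_events():
    events = []
    # Normal traffic: 20 users log in successfully, one user mistypes twice.
    for i in range(20):
        events.append((1200 + i * 10, f"192.0.2.{i + 1}", f"user{i}", True))
    events += [(1250, "192.0.2.77", "alice", False),
               (1260, "192.0.2.77", "alice", False),
               (1270, "192.0.2.77", "alice", True)]
    # Botnet: 60 leaked username/password pairs, each tried once from its own IP.
    for i in range(60):
        events.append((1200 + i * 4, f"203.0.113.{i + 1}", f"leaked{i}", i == 17))
    return sorted(events)

def per_ip_lockouts(events, max_failures=5):
    """Classic defence: flag IPs with more than max_failures failed logins."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return {ip for ip, n in fails.items() if n > max_failures}

def stuffing_windows(events, window=300, min_accounts=25, min_fail_ratio=0.5):
    """Flag time windows in which many distinct accounts fail at a high rate."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window * window].append((ip, user, ok))
    alerts = []
    for start, rows in sorted(buckets.items()):
        failed = [(ip, user) for ip, user, ok in rows if not ok]
        accounts = {user for _, user in failed}
        ips = {ip for ip, _ in failed}
        ratio = len(failed) / len(rows)
        if len(accounts) >= min_accounts and ratio >= min_fail_ratio:
            alerts.append({"window_start": start, "failed_accounts": len(accounts),
                           "source_ips": len(ips), "fail_ratio": round(ratio, 2)})
    return alerts

if __name__ == "__main__":
    ev = sample_events()
    print("per-IP lockouts:", per_ip_lockouts(ev))    # no IP exceeds the limit
    print("aggregate alerts:", stuffing_windows(ev))  # one window is flagged
```

On the sample data no single IP exceeds the per-IP limit, while the aggregate view flags the window; the thresholds would need tuning against a service's normal failure rate.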
Users can protect themselves
In order to create a secure password, the Federal Office for Information Security (BSI) advises at least eight characters - preferably with a mixture of special characters, numbers, upper and lower case letters. Basically, the longer the combination, the better.
If users want to protect themselves, the experts at "c't" recommend a password manager like KeePass. This offers two advantages: It saves the access data securely and it generates a new, sufficiently secure password for each new service.
They also recommend that users check whether a password has already been cracked - this is possible, for example, at the Hasso Plattner Institute using the Identity Leak Checker.
HPI: identity check