Week 7: Why Reusing Passwords Can Get You Hacked Fast

This week, I read an article that talks about a type of cyberattack called Credential stuffing as described by OWASP. Credential stuffing is a type of cyber attack where hackers use stolen usernames and passwords from one data breach and they try logging into other accounts using those same credentials. This is quite an effective strategy because if we are being honest with ourselves, a lot of people reuse passwords, including myself. According to OWASP, attackers are able to automate this process as well, they achieve this by using bots to test thousands of login attempts on popular sites. If even a small percentage of those reused credentials work again on other accounts, attackers are able to gain access to sensitive accounts, whether that is emails, banking information, addresses, the list goes on. It is scary how dangerous reusing passwords can be, and what shocked me the most is how common and successful this type of attack is. We see how dangerous it is, but we must also understand how easy it is to prevent credential stuffing. Using strong and unique passwords for all your accounts will go a long way to helping prevent this type of attack, and using multi-factor authentication as well will help secure accounts. This topic really highlights how one bad habit, like reusing the same password for all your accounts, can open a door to a list of problems.

Sources:

“Credential Stuffing.” Credential Stuffing | OWASP Foundation, owasp.org/www-community/attacks/Credential_stuffing. Accessed 30 June 2025. 

Comments

Post a Comment

Popular posts from this blog

Week 1: Enhancing Security with Multi-Factor Authentication (MFA)

 Multi-Factor Authentication which is also known as MFA, is a security process that requires users to verify their identity using two or more factors. As explained by the article I read this week, OneLogin explains factors as something they know such as a password, something they have which could be a smartphone. It can also be a security token or something they are, which can be a person's face or fingerprint. The way Multi-Factor Authentication works is in layers, and since it works in such a layered approach, it makes it significantly harder for attackers to gain unauthorized access. Even if one factor is compromised by attackers, as long as the other ones hold up attackers will not have access. As cybersecurity threats continue to grow, MFA stands in front of it as a simple yet powerful counter to enhance digital protection. It is best for all if not most companies to adopt Multi-Factor Authentication, as not only is it simple to implement, but it will help companies and busine...
Read more

Week 2: Defending Against Phishing Attacks

 Phishing attacks to this day remain as a great threat in the cybersecurity world, it often exploits human vulnerabilities in order to gain unauthorized access to sensitive data. The article I read today, NCSC, outlines a comprehensive, multi layered defensive strategy that companies and corporations can implement to reduce such risks The approach discussed includes implementing anti-spoofing controls in order to prevent attackers from impersonating legitimate email addresses. While also educating users to recognize and report any suspicious email they may come across. The NCSC also recommends deploying technical measures such as filtering or blocking incoming phishing attempts. Ensuring that everyone is made aware of the necessity for incident response planning, making all the individuals in the company capable of acting quickly if any breaches are likely to occur. If the layers were to be enforced within an organization, then they would be capable of significantly enhancing their...
Read more

Week 6: How Cloud Security Keeps Our Stuff Safe

 We see, as we browse online, how everything companies and individuals do involves the cloud. That is from saving photos to running entire businesses on the cloud. The question is, how safe is the cloud really? We see many people using it, are they right to trust their apps and businesses to cloud security? To answer this question, I read an article by CrowdStrike, which talks about how cloud security is all about protecting data, apps, and servers that live on the internet instead of on your local computer. Cloud providers have strong protections that were made for users, but security will always be a shared job between the provider and the user. Leaving storage open to the public and weak access controls are something that comes from the user, and the provider cannot do much if that's how attackers access the Cloud. However, tools like encryption, multi-factor authentication, and constant monitoring all work together in order to ensure that cloud environments are secure. It goes ...
Read more