SMARTPHONE owners have been warned about some hacker tactics that can see their data stolen.
A recent article from Keeper Security, a cybersecurity company, sheds light on some concerning online threats: password spraying and credential stuffing.
“Password spraying and credential stuffing have a lot in common, but the main difference is in the way the attack is executed,” the blog post reads.
PASSWORD SPRAYING
Password spraying is a brute-force attack that targets multiple accounts with the same common password.
Hackers often obtain large lists of usernames and email addresses through data breaches or leaked information.
They then automate the process of trying a set of frequently used passwords (e.g., “password123”, “123456”) against these usernames across various online platforms.
Password spraying is particularly dangerous because many users tend to reuse passwords across different accounts.
It can also bypass account lockout mechanisms, which are triggered only by numerous failed attempts on a single account, because each targeted account sees just one or a few guesses.
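For defenders, the lockout gap described above can be closed by counting failed logins per source rather than per account; the following is an added example, not code from the article or from Keeper Security. The log format, the thresholds and every name in it are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5            # assumed per-account lockout limit
SPRAY_MIN_ACCOUNTS = 4           # assumed: distinct accounts failed from one source
WINDOW = timedelta(minutes=10)   # assumed correlation window

# Constructed sample log: timestamp, source IP (documentation ranges), user, result
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 alice FAIL
2024-05-01T10:00:03 203.0.113.7 bob FAIL
2024-05-01T10:00:05 203.0.113.7 carol FAIL
2024-05-01T10:00:07 203.0.113.7 dave FAIL
2024-05-01T10:00:09 203.0.113.7 erin FAIL
2024-05-01T10:01:00 198.51.100.20 frank FAIL
2024-05-01T10:01:05 198.51.100.20 frank FAIL
2024-05-01T10:01:09 198.51.100.20 frank OK
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def per_account_lockouts(events):
    """Accounts that would trip a classic per-account lockout."""
    fails = defaultdict(int)
    for _, _, user, result in events:
        if result == "FAIL":
            fails[user] += 1
    return {u for u, n in fails.items() if n >= LOCKOUT_THRESHOLD}

def spray_sources(events):
    """Sources that failed against many distinct accounts inside WINDOW."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            by_ip[ip].append((ts, user))
    flagged = {}
    for ip, fails in by_ip.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            users = {u for t, u in fails[i:] if t - start <= WINDOW}
            if len(users) >= SPRAY_MIN_ACCOUNTS:
                flagged[ip] = sorted(users)
                break
    return flagged

EVENTS = list(parse(SAMPLE_LOG))
```

On the sample log, no account reaches the lockout limit, yet the per-source view flags the address that failed once against five different accounts and ignores the user who mistyped a password twice.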
CREDENTIAL STUFFING
Unlike password spraying, credential stuffing utilizes stolen login information (usernames and passwords) from previous data breaches to attempt unauthorized access to other accounts.
Attackers acquire these credentials through various means like phishing and malware.
And once attackers gain access, they can steal personal data, commit financial fraud, or even launch further attacks.
HOW TO STAY SAFE
Keeper Security recommends taking the following steps to safeguard yourself from password spraying.
First, it’s important to have strong unique passwords for every online account.
A strong password comprises both uppercase and lowercase letters, numbers, and special characters, and is at least 16 characters long.
It also should not contain any personal information or commonly used words.
Users should enable multi-factor authentication (MFA) whenever possible as this adds an extra layer of security.
Using a password manager can also help you generate difficult-to-crack passcodes and securely store them.
Lastly, you will want to enable log-in notifications to detect if an unauthorized user is trying to access your account.
“These notifications will alert you anytime someone has tried to log in to your account or an unknown user has recently logged in to your account,” Keeper Security said.
This post first appeared on Thesun.co.uk