{"id":26577,"date":"2019-02-18T07:35:53","date_gmt":"2019-02-18T12:35:53","guid":{"rendered":"https:\/\/ssgreenberg.name\/PoliticsBlog\/?p=26577"},"modified":"2019-02-18T07:47:55","modified_gmt":"2019-02-18T12:47:55","slug":"hacker-lexicon-what-is-credential-stuffing","status":"publish","type":"post","link":"https:\/\/ssgreenberg.name\/PoliticsBlog\/2019\/02\/18\/hacker-lexicon-what-is-credential-stuffing\/","title":{"rendered":"Hacker Lexicon: What Is Credential Stuffing?"},"content":{"rendered":"

Wired <\/em>has the article Hacker Lexicon: What Is Credential Stuffing?<\/a><\/p>\n

\nThe strategy is pretty straightforward. Attackers take a massive trove of usernames and passwords (often from a corporate megabreach) and try to “stuff” those credentials into the login page of other digital services. Because people often reuse the same username and password across multiple sites, attackers can often use one piece of credential info to unlock multiple accounts.\n<\/p><\/blockquote>\n

The article has some suggestions on how to protect yourself. Never using the same password for two different applications is one suggestion I have been doing for years. I have not been taking advantage of two-factor authentication, which I will have to incorporate into my procedures. I also do not change my passwords on a regular basis. That one is going to be harder to figure out.<\/p>\n

One thing I have seen lately is blackmail emails about having discovered one of my passwords. The blackmailer has discovered a password that I have used. I checked my password manager to find any accounts that used that password. Any such accounts that had that password were changed to a unique strong password, different for each account. The blackmailer keeps threatening to make use of that password, but since I no longer use it, I have not given the blackmailer any indication that I have read the blackmail emails.<\/p>\n","protected":false},"excerpt":{"rendered":"

Wired has the article Hacker Lexicon: What Is Credential Stuffing? The strategy is pretty straightforward. Attackers take a massive trove of usernames and passwords (often from a corporate megabreach) and try to “stuff” those credentials into the login page of other digital services. Because people often reuse the same username and password across multiple sites, […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[166],"tags":[],"class_list":{"0":"post-26577","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-stevegsposts","7":"czr-hentry"},"_links":{"self":[{"href":"https:\/\/ssgreenberg.name\/PoliticsBlog\/wp-json\/wp\/v2\/posts\/26577","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ssgreenberg.name\/PoliticsBlog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssgreenberg.name\/PoliticsBlog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssgreenberg.name\/PoliticsBlog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ssgreenberg.name\/PoliticsBlog\/wp-json\/wp\/v2\/comments?post=26577"}],"version-history":[{"count":5,"href":"https:\/\/ssgreenberg.name\/PoliticsBlog\/wp-json\/wp\/v2\/posts\/26577\/revisions"}],"predecessor-version":[{"id":26582,"href":"https:\/\/ssgreenberg.name\/PoliticsBlog\/wp-json\/wp\/v2\/posts\/26577\/revisions\/26582"}],"wp:attachment":[{"href":"https:\/\/ssgreenberg.name\/PoliticsBlog\/wp-json\/wp\/v2\/media?parent=26577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssgreenberg.name\/PoliticsBlog\/wp-json\/wp\/v2\/categories?post=26577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssgreenberg.name\/PoliticsBlog\/wp-json\/wp\/v2\/tags?post=26577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}