In response to DailyMotion’s disclosure on Friday that it has suffered a credential stuffing attack (which it has reported to France’s Commission nationale de l’informatique et des libertés [CNIL], in compliance with GDPR requirements), four experts with OneSpan and STEALTHbits offer perspective.
“Passwords and personally identifiable information are almost guaranteed to be exposed in ever increasingly sophisticated and frequent data breaches. It’s more important than ever to secure and protect the entire digital customer journey, and the data captured within, by taking a layered approach to security. This helps capture and analyze multiple complementary authentication factors and correlational data to establish trusted identities, devices and transactions. This is how we help our global banking customers – by making it harder for cybercriminals to capture data and commit fraud.”
Michael Magrath, Director, Global Regulations & Standards at OneSpan:
“Consumers who have not yet upgraded to multifactor authentication (MFA) to log in to websites, more often than not, reuse a few static passwords across multiple websites. Given the vast number of password-related breaches over the past few years, the convenient, yet insecure reuse of static passwords exposes individuals to the credential stuffing attack used in this case. Consumers should always use MFA, where available, to add an additional layer of security to protect their privacy. Many websites support MFA today. The good news is, more and more are supporting frictionless solutions such as intelligent adaptive authentication and behavioral biometrics which balance ease of use with security.”
“In giving users flexibility to set any desired password we fail to fix stupid. Carbon-based life forms cannot trip over creating secure passwords. Our challenge as system owners is to prevent users from doing lazy and stupid things. For example, so I don’t forget my password let me include my logon name in it plus my date of birth. Users will go out of their way, unintentionally, and do the least secure thing possible. As an administrator, prevent it.”
“Sharing passwords between sites is a recipe for disaster, especially when the same credentials are used for business. One exposed password along with an exposed username/password is all it takes for attackers to brute force their way into your account. Today there is a plethora of personal password management tools which make the process of maintaining unique credentials a no-brainer. Keep your passwords strong and unique, and NEVER use the same password for a business as you would for personal sites.”