In response to the news that millions of National Lottery players have been urged to change their passwords following what parent company Camelot describes as “suspicious activity” involving lottery accounts, Travis Smith, Principle Security Researcher at Tripwire commented below.
Travis Smith, Principle Security Researcher at Tripwire:
“Password re-use can be a crippling mistake. It’s less risky for attackers to use authentic credentials than to leverage exploits, as security tools are more likely to detect an active exploit. Since the same log-in credentials are commonly re-used across different websites, stolen credentials from one breach can lead to several other breaches (known as password-stuffing or credential-stuffing attacks).
Password managers can be an effective way for using unique and complex passwords for every website. By having a unique password on each site, you eliminate the chances of criminals using password-stuffing attacks against you. If available, two-factor authentication is another great step for reducing this risk. If an attacker gains access to valid credentials, they will be rendered useless if they don’t also have access to the device generating the second factor code.”