
HOW TO PREVENT CREDENTIAL STUFFING ATTACK


Credential stuffing is a type of brute force attack in which the attacker takes credentials that are already available (i.e. stolen) and tries them as login attempts on another website or system.

For example, a hacker may obtain the username-password pair of a Facebook account and then attempt to use the same credentials to log in to Gmail or Instagram. The basic premise behind credential stuffing attacks is fairly simple: most people tend to use the same username and password on all of their accounts, and the attacker simply exploits this fact.

Many lists of stolen credentials are now sold and even shared publicly on the internet, and as a result, credential stuffing attacks have risen in popularity over the past few years.

In this guide, we will discuss how to effectively prevent credential stuffing attacks and how to protect our accounts, websites, and systems from this scary version of brute force attacks.

 

1. Strong and Unique Passwords

The best and most effective approach to preventing credential stuffing attacks is to make strong passwords mandatory and to advise your users to use unique passwords (i.e. one password for one account only).

As a general rule of thumb, a strong password is 10 characters long and features a combination of uppercase letters, lowercase letters, symbols, and numbers. You can also use password randomizers and password managers to create strong, randomized passwords, which also makes it easier to use a unique password for each account.

 

Mike

2. Multi-Factor Authentication

The idea of multi-factor authentication (MFA) or 2-factor authentication (2FA) is to ask for additional (or more) information besides the username-password combination before someone can access the account. So, in the event of a credential stuffing attack, an attacker won’t gain access even if they possess the right credential.

This secondary information can be:

  • Something you have: a USB dongle, etc.
  • Something you know: a secondary password, PIN, OTA code, etc.
  • Something you are: fingerprint, iris, face ID, etc.

MFA is very effective in stopping credential stuffing and brute force attacks in general. However, issuing too many MFA requests can significantly hurt your site’s user experience (UX) and might increase the bounce rate.

Finding the right balance between security and usability is important, so you can strategically require MFA only under certain suspicious conditions, for example:

  • Different browser/device/IP address or other signature
  • Login attempt from unusual location or countries that are considered suspicious
  • Blacklisted IP address, IP address that has tried to log in to multiple accounts
  • Obvious bot/scripted activities

 

3. CAPTCHA

Since many credential stuffing and brute force attacks are performed by automated scripts (bots), implementing CAPTCHA can help block these bots from performing their task. However, CAPTCHA is not a one-size-fits-all answer to credential stuffing attacks, for two reasons:

  1. There are now CAPTCHA farm services where a human worker will solve the CAPTCHA before passing it to the bot, rendering CAPTCHA useless.
  2. Similar to MFA, CAPTCHA can ruin user experience, so it’s very important to use them sparingly.

In general, use CAPTCHA only in specific, strategic scenarios, and you can combine it with other techniques.

 

4. Notify Users About Unusual Activities

Many people don’t realize when their credentials have been stolen, so it may be appropriate to notify or warn the user when suspicious activities are detected.

However, don’t overwhelm users with too many notifications and only send appropriate/important ones. Or else, the user might just ignore or delete the notification, making this approach counterproductive.

For example, if there had been a successful login but it failed the MFA check, then the user should be notified so they can change the password immediately.

It’s also important for your users to be able to view details related to recent logins (date, time, and location). Also, if the application allows simultaneous sessions, the user should be able to view a list of all active sessions and to terminate any other sessions they deem suspicious.

 

5. Fingerprinting

The basic approach to preventing credential stuffing attacks is to blacklist an IP address and/or a range of IPs after a certain number of failed login attempts. However, sophisticated bots can now rotate between thousands of IP addresses, so IP-based detection might not be very effective.

So, we can also fingerprint other factors to determine whether the traffic comes from a legitimate user, like browser, device signature, operating system, the language used, and more. There are various fingerprinting-based solutions you can use for this method.

The idea is that if new traffic doesn’t match the user’s previous signatures, you can ask this client for additional authentication (MFA, CAPTCHA, or others). Keep in mind, however, that a user might share the account with friends or family members, so implement this method strategically.

In combination with fingerprinting, we can also configure alerts on the login success ratio of suspicious users. For example, a login success rate below 10% is very suspicious, and credential stuffers can reach a close to 0% success rate. Tracking login success ratios can be very effective in detecting credential stuffing attacks.
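The conditional MFA described in section 2 and the success-ratio tracking described above can be combined in one login monitor. The sketch below is an added example, not code from the original article or from any vendor: the `fingerprint` helper, the `LoginMonitor` class, the `MIN_ATTEMPTS` and `MIN_ACCOUNTS` thresholds, and all sample data are assumptions made for illustration, and only the 10% threshold comes from the text. Header-derived signatures can be changed by the client, so treat the result as one signal among several.

```python
import hashlib
from collections import Counter, defaultdict

SUSPICIOUS_SUCCESS_RATE = 0.10  # article: below 10% is very suspicious
MIN_ATTEMPTS = 20               # assumption: ignore sources with too few attempts
MIN_ACCOUNTS = 5                # assumption: stuffing touches many accounts


def fingerprint(user_agent, os_name, language):
    """Hypothetical client signature built from factors the article lists."""
    raw = "|".join((user_agent, os_name, language))
    return hashlib.sha256(raw.encode()).hexdigest()[:16]


class LoginMonitor:
    def __init__(self):
        self.attempts = Counter()         # fingerprint -> login attempts
        self.successes = Counter()        # fingerprint -> correct passwords
        self.accounts = defaultdict(set)  # fingerprint -> usernames tried
        self.known = defaultdict(set)     # username -> trusted fingerprints

    def success_rate(self, fp):
        return self.successes[fp] / self.attempts[fp] if self.attempts[fp] else 1.0

    def is_stuffing_source(self, fp):
        return (self.attempts[fp] >= MIN_ATTEMPTS
                and len(self.accounts[fp]) >= MIN_ACCOUNTS
                and self.success_rate(fp) < SUSPICIOUS_SUCCESS_RATE)

    def record(self, username, fp, password_ok):
        """Record one attempt and return 'deny', 'step_up' or 'allow'."""
        self.attempts[fp] += 1
        self.accounts[fp].add(username)
        if not password_ok:
            return "deny"
        self.successes[fp] += 1
        # A correct password is not enough: an unknown signature or a
        # low-ratio source must pass an extra check (MFA, CAPTCHA) first.
        if fp not in self.known[username] or self.is_stuffing_source(fp):
            return "step_up"
        return "allow"

    def trust(self, username, fp):
        """Call once the extra check has passed for this user and signature."""
        self.known[username].add(fp)


def demo():
    """Constructed data: one scripted client using a new IP per attempt."""
    mon = LoginMonitor()
    laptop = fingerprint("Firefox/115", "Windows", "en-GB")
    bot = fingerprint("HeadlessChrome/114", "Linux", "en-US")
    mon.trust("alice", laptop)
    per_ip = Counter()
    for i in range(40):
        per_ip[f"203.0.113.{i + 1}"] += 1  # a per-IP counter sees 1 each
        mon.record(f"user{i}", bot, password_ok=False)
    return {
        "max_attempts_per_ip": max(per_ip.values()),
        "bot_rate": mon.success_rate(bot),
        "bot_flagged": mon.is_stuffing_source(bot),
        "alice_from_bot": mon.record("alice", bot, password_ok=True),
        "alice_from_laptop": mon.record("alice", laptop, password_ok=True),
    }
```

In the constructed run, no single IP ever exceeds one attempt, so an IP-based lockout never triggers, while the per-signature ratio flags the source and the one valid credential it holds is sent to the extra check instead of being let in.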

 

6. Investing In a Bot Detection Solution

One of the most effective approaches in preventing credential stuffing attacks is to use an advanced account takeover protection solution that can effectively detect and block malicious bot traffic attempting the attack in real-time.

Since both bots and humans now use the same browsers and IP addresses, real-time and automated credential stuffing protection is now necessary. Humans can no longer act fast enough to match the bot activities, and this is where AI-powered, machine learning bot detection solutions can be very effective in preventing credential stuffing attacks.

 

End Words

While there is no perfect method that can 100% prevent credential stuffing attacks, the 6 methods we have discussed above are among the most effective in identifying, preventing, and mitigating the effects of potential credential stuffing.

The most effective approach, however, is to have an effective bot detection and mitigation solution that can detect the credential stuffing attempt in real-time. Solutions like DataDome offer a comprehensive bot detection solution that deploys in minutes on any infrastructure, fully automated.

Business

Hybrid Intelligence – The only way to face the problems of the future


Author: Prof. Dr. Iris Lorscheid, Vice-Rector Research and Professor of Digital Business and Data Science Computer Science at the University of Europe for Applied Sciences  

 

Our world is complex and challenging, and the problems are likely to become more complex in the future. The world becomes more interconnected and globalized as technology advances, the global population grows, and resources become scarcer. All of this calls for innovation in cybersecurity, sustainability, resource management and more. Hybrid Intelligence is the future because it combines the strengths of humans and machines to solve complex problems that neither humans nor machines can solve on their own.

Prof. Dr. Iris Lorscheid

The concept of “Hybrid Intelligence” was introduced by Dominik Dellermann to describe the collaboration between human intelligence and artificial intelligence (AI) in order to achieve more effective problem-solving and decision-making. The focus is on developing more advanced AI systems that can work with humans in the best possible way.

Together, human and AI can create solutions that neither could achieve alone. By combining the strengths of both, complex problems can be solved, and new insights can be gained faster, more successfully, and more comprehensively than by working individually.

Humans have long understood that collaboration is more effective than individual effort, which has led to our success. The success of a group depends not only on the best and brightest minds but also on effective teamwork and interaction between individuals. With AI as a new team member, the question now is how we can best strengthen each other and find new solutions together.

To ensure responsible and ethical use of AI, it is critical to discuss ethical considerations when working with it. It is important to ensure that AI systems are safe and reliable in order to prevent harm to people and society. AI systems may perpetuate existing social and cultural biases. Transparency in decision-making processes can aid in the development of trust and accountability for the outcomes produced by AI systems. Protecting personal data privacy is critical in order to protect individuals’ rights and autonomy. Establishing accountability for AI decisions entails ensuring a clear chain of responsibility for any negative outcomes. Addressing these concerns is critical for developing beneficial AI systems that can help individuals and society while minimizing potential harm.

AI should be viewed as a tool to assist humans rather than to replace them. Innovations are an opportunity for a better world, and a better life.

AI can help us understand climate patterns and predict weather conditions by analyzing large amounts of data from various sources such as weather satellites, sensors, and historical climate data.

AI can help farmers maximize crop yields while minimizing waste. Farmers, for example, can use AI-powered sensors to monitor soil moisture levels and plans. AI can provide farmers with the information they need to take preventative measures to save their crops from disease or to increase food production efficiency.

The analysis of complex medical images, patient histories and treatment results will help doctors around the world to come to better conclusions and decisions.

Concerns and fears are frequently associated with the introduction of new technologies such as AI. Overcoming these fears requires an open and informed debate focused on the benefits and potential of hybrid intelligence. By educating the public and encouraging open communication between developers, users, and authorities, these worries can be eased.

Change introduces a variety of challenges that require innovations. Innovations, in turn, cause further change. We need to be open to this recurring cycle to create new opportunities and to improve the quality of life for many.

AI advancement holds great promise for addressing some of the world’s most pressing issues. Let’s go on an adventure and investigate the possibilities of human-AI interaction in business, education, and our every-day life.

 

 


How diversity is evolving in the fintech industry


by Elena Dimova, VP HR Bulgaria and Operations & Technology at Paysafe.

 

With both finance and technology being traditionally male-dominated fields, and fintech representing a coming together of the two, ensuring strong female representation in our industry has not always been easy. Women’s History Month is a good time to review how gender diversity is evolving in fintech, and look at which external factors are contributing to progress as well as those which would benefit from a renewed focus.

The pandemic, and more specifically the subsequent hybrid and remote working models which followed, is one such catalyst that has brought about changes which are positively impacting diversity in fintech. The resulting increase in flexibility has created more attractive working environments for women who traditionally face more of a challenge with the double burden of work and home responsibilities. Where before they often had to choose between the two, it now seems to have empowered more women to achieve a better balance between their personal and professional lives. While this increase in flexibility wasn’t specifically introduced to support women in the industry, it has created an environment that is largely seen as beneficial for their professional development. And the more women progress in the workforce and in their respective fields, the more visible they become, allowing them to serve as role models for others and hopefully attracting new female applicants.

Other external factors that have indirectly impacted diversity in fintech are the current cost-of-living crisis and increased global migration as a result of the war in Ukraine. While the end-user base of fintech services has traditionally been male-dominated, which has historically led to predominantly male employees tailoring products towards men’s taste, these macroeconomic influences are changing this dynamic as well. We have seen women become a larger part of the user base for fintech services to meet their evolving needs, which should lead to fintech companies giving more careful consideration to female audiences when enhancing existing products and services and developing new ones. Therefore, we can also expect more women to be involved in their development.

In addition to these external trends, which seem to have had a positive impact on female representation in the fintech industry as a whole, there are also certain roles that have traditionally attracted women. Roles such as marketing and client servicing teams, which tend to rely on softer skills, continue to attract female talent, along with risk, compliance and finance, which also have a fair representation of women. This trend seems to be continuing on an upward trajectory, supplemented by the industry’s increased focus on regulation and security, which gives these teams more opportunities for development and growth. When you look at it from this perspective, gender diversity in the fintech industry appears to be at a good level and progressing well.

However, there are some persistent challenges that require a concerted effort by the industry in order to increase diversity and attract more women. STEM (Science, Technology, Engineering and Mathematics) based disciplines like security and product development are areas where women are still under-represented, and fintech is no exception. This is a prime example of a vicious cycle where the preconceptions around these areas being male-dominated put women off pursuing careers in them, which in turn leads to the workforce continuing to be mostly male. This is a challenge that needs to be tackled directly in order to improve female representation. At Paysafe, we work closely with our learning and development teams to attract and retain a more diverse workforce in these areas and provide women with opportunities to progress into senior tech roles within the business.

So, while we are seeing some positive change, to overcome its current diversity challenges, the industry as a whole clearly has a role to play to encourage women to participate in fintech. It is also crucial to work collaboratively with the education industry to effect change at a ‘grass roots’ stage, making STEM more accessible to young girls early on in school. This would go a long way in empowering women to embark on a tech-focused career. Another important factor would be to showcase more successful female role models in tech. That would have a long-term impact on dispelling the preconceived notion of technology being a male-dominated field and making these jobs more attractive to women.

There are also some more immediate steps fintech businesses can take to encourage increased diversity. A good way to start would be to review recruitment practices and make them more accessible for a female audience. From the way job opportunities are communicated, to transparency around internal policies, to training interviewers on unconscious bias, there are a lot of opportunities to improve the process. At Paysafe, we take these areas seriously throughout the full employee lifecycle. This helps us reach more diverse candidates and retain them throughout the process, onboard them as employees and provide an inclusive workplace where they can progress in their careers.

As an industry, it is key to focus on attracting more women in technical areas and creating role models. This will certainly help us improve diversity in the long term. We also need to get better at communicating what skills are valuable for a career in fintech and the breadth of roles that are available. If we make an effort to show women that they can have a sustainable and successful career in our industry, we will achieve a more diverse and inclusive workforce.
