Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
How To Protect Yourself From Credential Stuffing

How To Protect Yourself From Credential Stuffing

By Daniel C. Daniel C. Verified by Saskia H. Saskia H.Last updated: December 12, 2024 (0)
Table of contents

Cybercrime had already been increasing, but the number of cyberattacks has spiked since the beginning of the COVID-19 pandemic. Forced to stay at home to protect themselves from the virus, people started spending more time online for entertainment, work, and shopping – and cybercriminals saw this as an opportunity to make a quick buck. All types of cyberattacks have increased, but credential stuffing incidents deserve special attention, as they nearly doubled between 2016 and 2020. But what is credential stuffing exactly? And what can you do to protect your accounts?

What is credential stuffing

Credential stuffing is a subcategory of brute force attacks. Both involve the cybercriminal using bots to try thousands of passwords to crack into the target’s account. However, there’s a big difference between the two. While in a brute force attack, hackers try to guess the password with no clues whatsoever, cybercriminals already have access to at least one of your credentials in a credential stuffing attack. They use those credentials (or similar ones) to hack into other popular websites, such as streaming services and ecommerce platforms or your company’s servers. But let’s get into the most important part – what can you do to protect yourself from this threat?

4 ways to protect your accounts from a credential stuffing attack

Hacking Detected Royalty Free image

Have unique passwords

The best way to make sure a hacker doesn’t access multiple accounts when they get their hands on one of your credentials is to have completely different passwords for all your profiles – stress on the word completely. Even if you have distinct passwords, it won’t work if they’re similar, as a cybercriminal will be able to crack them within hours.

It’s extremely easy to have random passwords for all your accounts with a password manager like 1Password. By taking advantage of its password generator tool, you can create lengthy passwords with all character types, including capital letters, numbers, and symbols. And don’t worry about the time you’ll spend typing those credentials. Password managers either come with autofill or allow you to copy the information with one click.

Use dark web monitoring

Another essential aspect of credential stuffing protection is to know about company leaks. Unfortunately, you don’t have any control over websites being hacked. Service providers are responsible for having security measures to ensure cybercriminals can’t access their clients’ data. However, companies don’t always follow best practices, and data breaches happen even to the biggest service providers out there.

The only thing you can do is make sure none of your accounts have been leaked on the dark web. You can do this manually by visiting the website Have I Been Pwned and typing your email. However, it’s far more productive to have a password manager do this for you. 1Password is an excellent example of a platform that constantly browses the dark web to find your credentials. If it does find them, it gives you a visual warning to change your password as soon as possible.

Man Hood Laptop

Enable multifactor authentication

Multifactor authentication is a great way to keep hackers at bay regardless of the type of attack. If the cybercriminal can get your credentials, they’ll need other types of information to actually access your account. These can be a pin, security question, code sent to the account owner’s phone, fingerprint, and the list continues.

Sadly, not all websites support multifactor authentication. Even so, you should enable this option on all apps that allow it. This way, the hacker won’t be able to access your account, and it will be harder for them to spill credentials onto other websites.

Delete zombie accounts

It’s easy to forget about accounts you haven’t used for months. But the truth is that they’re still there and are more likely to be affected by a data breach. A great example of that is Myspace, the social media website that was everything back in the 2000s and is now only used by a select few. Most people shifted to Facebook but forgot to delete their Myspace profiles. In 2013, millions of inactive accounts were breached when the company was hacked. Long story short, if you aren’t planning on using an account again, just delete it.

At the end of the day, any website can become the next target of a cybercriminal. If you don’t protect yourself from credential stuffing, a website that doesn’t even have your private information can quickly become the fuel that makes your life go up in flames. So, make sure to follow password hygiene best practices and enable multifactor authentication.


Best password managers of 2025

Editors' choice
RoboForm logo
Editor's rating:
(4.5)
Effective security center
Passkey compatibility
Intuitive and organized interface
Affordable prices
Families
LastPass logo
Editor's rating:
(4)
Logical interface
Automated password categorization
Advanced mobile version
Various two-factor authentication options
Businesses
1Password logo
Editor's rating:
(4)
End-to-end encryption
Secure authentication method
Data breach alarms
One-time password support
Security features
Keeper logo
Editor's rating:
(4.5)
Robust security
Wide range of platform support
Affordable
Great customer support
Personal use
NordPass Personal logo
Editor's rating:
(4.5)
Strong security features
Effective password generator
Excellent free version
Attractive price
Password sharing
Dashlane logo
Editor's rating:
(4)
Password changer
Built-in VPN
Flawless data import
Thorough iOS/Android app
Local storage
Enpass logo
Editor's rating:
(4)
Packed with features
Free for desktop users
Offline password manager
End-to-end encryption

User feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2025 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us