Password Security

New York State Warns of Credential Stuffing

New York Attorney General Letitia James has released a guide to help businesses defend themselves against credential stuffing attacks. Credential stuffing is a type of brute-force attack in which attackers use automation to test stolen usernames and passwords against many different websites. New York’s advisory explains that credential stuffing “leverages the natural human tendency to reuse passwords to cope with the ever-growing number of online accounts that must be managed. Attackers know that the username and password used at one website may also be used at a half-dozen others.”

originally published on

Related posts

Passwords are Reused 64% of the Time as the Number of Passwords to Remember Reaches Over 100


Over 1200 Man-in-the-Middle Phishing Toolkits Designed to Intercept 2FA Found in the Wild


Introducing KnowBe4’s Password Policy E-Book