What’s really amazing is that both criminals and organizations have access to a nearly identical set identity information that has been stolen. The simplest, most straightforward solution is to actively and passively make sure such identity information, such as user credentials, can't be reused.
Unfortunately, many organizations have decided to take other approaches that are insufficient in the face of these compromised keys or compromised credentials. We’ll discuss these approaches and dig into some of the layers to understand why these approaches are insufficient in stopping criminals from continuing to leverage compromised credentials to breach organizations. Along the way, we’ll bring clarity as to why these solutions fall short of adequately mitigating the problems associated with credential stuffing.
The paper highlights the popular approaches to mitigate credential stuffing attacks and why many of them are not effective. Specifically:
- Password policies
- Identity assurance & MFA
- Threat intelligence
- Free detection services