FBI Credential Stuffing warning

The reuse of passwords by users is still probably the most common cyber security mistake organisations and individuals make, and it is what makes credential stuffing attacks profitable for threat actors.

Once a threat actor has gathered a list of credentials, they (or rather their automated tools) will attempt to log in to service after service, just in case you have reused a username and password combination. If you have, they are in and you lose.

However, this type of attack is easily detected and so can be defended against.

Now the FBI has issued a warning about a workaround that many threat actors are using to avoid this detection:

FBI warns of residential proxies used in credential stuffing attacks – BleepingComputer
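
An added example (not from the FBI notice or the linked article) of why a per-IP failed-login rule stays silent when attempts are spread across many residential addresses, while a rule that counts distinct accounts and distinct source IPs per time window still fires. The log format, thresholds and function names are assumptions, and the events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, username, success).
# IPs come from the reserved documentation ranges; nothing here is real data.
def sample_events():
    events = []
    for i in range(12):  # one address failing against 12 accounts
        events.append((1000 + i, "203.0.113.9", f"user{i}", False))
    for i in range(12):  # 12 accounts, each tried once from a different address
        events.append((2000 + i, f"198.51.100.{i + 1}", f"acct{i}", False))
    # a legitimate user mistyping twice, then logging in
    events += [(3000, "192.0.2.5", "alice", False),
               (3005, "192.0.2.5", "alice", False),
               (3010, "192.0.2.5", "alice", True)]
    return events

def per_ip_alerts(events, threshold=5):
    """Classic rule: flag any source IP with >= threshold failed logins."""
    fails = defaultdict(int)
    for _, ip, _, ok in events:
        if not ok:
            fails[ip] += 1
    return {ip for ip, n in fails.items() if n >= threshold}

def spread_alerts(events, window=60, min_accounts=10, min_ips=10):
    """Aggregate rule: flag a window in which failures hit many distinct
    accounts from many distinct IPs. Fixed (not sliding) windows keep the
    example short; the thresholds are illustrative assumptions."""
    buckets = defaultdict(lambda: (set(), set()))
    for ts, ip, user, ok in events:
        if not ok:
            users, ips = buckets[ts // window]
            users.add(user)
            ips.add(ip)
    return sorted(b * window for b, (users, ips) in buckets.items()
                  if len(users) >= min_accounts and len(ips) >= min_ips)

if __name__ == "__main__":
    ev = sample_events()
    print("per-IP rule flags:", per_ip_alerts(ev))
    print("aggregate rule flags windows starting at:", spread_alerts(ev))
```

The per-IP rule flags only the single noisy address; the distributed attempts surface only in the aggregate rule, and the mistyping user triggers neither.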

The bottom line to all this is do not reuse a password…

…and get MFA enabled on every account and service that offers it.

Clive Catton MSc (Cyber Security) – by-line and other articles

Multi-factor authentication (MFA) is also referred to as dual-factor authentication (DFA) and two-factor authentication (2FA). All have the same function: to securely provide a one-time password (OTP) only to the authorised user, so that they can get access to a service. Examples of services that implement MFA for added security include Microsoft 365, Google, WordPress and Amazon, among many, many others.