- ATO (account takeover) attacks are dangerous because when your system thinks the attacker is a legitimate user, your security safeguards won’t be able to protect your system.
- Credential stuffing uses lists of common passwords and email addresses/usernames, combined in random pairs, to ‘stuff’ the website.
- In brute-force attacks, the attacker tries a variety of passwords for a given username, usually attempting to compromise specific valuable accounts, such as admin accounts.
- In a dictionary attack, attackers precompute information about commonly used passwords and then try to obtain an encrypted password by using a large set of words from the dictionary to generate potential passwords.
- Phishing is when an attacker poses as you to get the user to disclose their credentials. The best way to prevent phishing is customer education.
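
The credential-stuffing and brute-force bullets above describe two different shapes of failed-login traffic, which a defender can tell apart in authentication logs. The sketch below is an added example, not code from the original post; the event format, thresholds and label names are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict

# Constructed failed-login events as (source_ip, username); not real log data.
SAMPLE_FAILURES = (
    [("203.0.113.7", "admin")] * 8
    + [("198.51.100.23", u) for u in
       ("alice", "bob", "carol", "dave", "erin", "frank")]
    + [("192.0.2.10", "alice")] * 2
)


def classify_sources(events, min_failures=5, ratio=0.8):
    """Label each source by the shape of its failed logins.

    Thresholds are illustrative assumptions, not recommended values.
    Returns {source_ip: (label, detail)}.
    """
    per_source = defaultdict(Counter)
    for ip, user in events:
        per_source[ip][user] += 1

    labels = {}
    for ip, users in per_source.items():
        total = sum(users.values())
        top_user, top_count = users.most_common(1)[0]
        if total < min_failures:
            # Too few failures to say anything (e.g. a mistyped password).
            labels[ip] = ("normal", None)
        elif top_count / total >= ratio:
            # Many passwords tried against one account: brute force.
            labels[ip] = ("brute_force", top_user)
        elif len(users) / total >= ratio:
            # Nearly every attempt names a different account: stuffing.
            labels[ip] = ("credential_stuffing", len(users))
        else:
            labels[ip] = ("mixed", len(users))
    return labels


if __name__ == "__main__":
    for ip, (label, detail) in classify_sources(SAMPLE_FAILURES).items():
        print(ip, label, detail)
```

Keying only on source address is a simplification; a production rule would also aggregate failures per username and per time window.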