• ATO (account takeover) attacks are dangerous because once your system treats the attacker as a legitimate user, your security safeguards can no longer protect it.
• Credential stuffing uses lists of common passwords and email addresses/usernames, tried in random pairs, to 'stuff' the website's login.
• In brute-force attacks, the attacker tries many passwords for a single username, usually targeting specific high-value accounts such as admin accounts.
• In a dictionary attack, attackers precompute information about commonly used passwords and then try to recover an encrypted password by generating candidate passwords from a large set of dictionary words.
• Phishing is when an attacker poses as you to get the user to disclose their credentials. The best way to prevent phishing is customer education.
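The two automated attacks above leave different footprints in authentication logs: credential stuffing shows one source trying many different accounts once each, while brute force shows one source hammering a single account. The detector below is an added example written for this summary, not code from the original post; the log line format, the thresholds, and the sample log lines are all constructed assumptions. It also reports any successful login from a flagged source, since that is the point (first bullet) where the system starts treating the attacker as a legitimate user and a step-up check or session revocation is warranted.

```python
"""Classify failed-login bursts as brute force or credential stuffing.

Added example. Log format and thresholds are assumptions, not from the post.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic). Assumed format per line:
#   <ISO-8601 UTC timestamp> ip=<source> user=<account> result=<OK|FAIL>
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.7 user=alice result=FAIL
2024-05-01T10:00:02Z ip=203.0.113.7 user=bob result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.7 user=carol result=FAIL
2024-05-01T10:00:04Z ip=203.0.113.7 user=dave result=FAIL
2024-05-01T10:00:05Z ip=203.0.113.7 user=erin result=OK
2024-05-01T10:00:06Z ip=203.0.113.7 user=frank result=FAIL
2024-05-01T10:00:10Z ip=198.51.100.9 user=admin result=FAIL
2024-05-01T10:00:11Z ip=198.51.100.9 user=admin result=FAIL
2024-05-01T10:00:12Z ip=198.51.100.9 user=admin result=FAIL
2024-05-01T10:00:13Z ip=198.51.100.9 user=admin result=FAIL
2024-05-01T10:00:14Z ip=198.51.100.9 user=admin result=FAIL
2024-05-01T10:00:20Z ip=192.0.2.44 user=grace result=FAIL
2024-05-01T10:00:25Z ip=192.0.2.44 user=grace result=OK
"""

# Assumed detection thresholds, evaluated over a sliding time window per source IP.
WINDOW = timedelta(minutes=5)
MIN_FAILURES = 5            # failures from one source before we classify at all
STUFFING_DISTINCT_USERS = 5  # many accounts, about one attempt each
BRUTE_FORCE_SAME_USER = 5    # many attempts against one account


def parse_line(line):
    """Parse one log line into a dict with ts, ip, user and ok fields."""
    ts_str, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "ip": fields["ip"], "user": fields["user"],
            "ok": fields["result"] == "OK"}


def parse_log(log_text):
    events = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    events.sort(key=lambda e: e["ts"])
    return events


def classify(log_text):
    """Return {ip: 'brute_force' | 'credential_stuffing'} for suspicious sources."""
    failures_by_ip = defaultdict(list)
    for e in parse_log(log_text):
        if not e["ok"]:
            failures_by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, fails in failures_by_ip.items():
        # Slide the window start across each failure; fails is time-ordered.
        for i, start in enumerate(fails):
            window = [f for f in fails[i:] if f["ts"] - start["ts"] <= WINDOW]
            if len(window) < MIN_FAILURES:
                continue
            per_user = defaultdict(int)
            for f in window:
                per_user[f["user"]] += 1
            if max(per_user.values()) >= BRUTE_FORCE_SAME_USER:
                alerts[ip] = "brute_force"       # one account, many guesses
            elif len(per_user) >= STUFFING_DISTINCT_USERS:
                alerts[ip] = "credential_stuffing"  # many accounts, few guesses each
            if ip in alerts:
                break
    return alerts


def successes_from_flagged(log_text):
    """Accounts that logged in successfully from a flagged source: likely takeovers."""
    alerts = classify(log_text)
    hits = defaultdict(list)
    for e in parse_log(log_text):
        if e["ok"] and e["ip"] in alerts:
            hits[e["ip"]].append(e["user"])
    return dict(hits)


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
    print(successes_from_flagged(SAMPLE_LOG))
```

On the constructed sample, 203.0.113.7 is classified as credential stuffing and the successful login for erin from that source is reported as a probable takeover; 198.51.100.9 is classified as brute force against admin; 192.0.2.44 (one failure, then success) is left alone. In production the per-IP key is a weak signal on its own, since stuffing tools rotate through proxies, so the same logic is usually also keyed on device fingerprint or ASN.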
