Hi, 8 déc. 2019 à 14:47 de [email protected]:
> Do you use the same username everywhere? It's common for criminals to > collect lists of usernames and try them in combination with guessed > passwords on as many services as possible. The yield is low but it's > cost-effective for them because the process is fully automated using > thousands of bots and many people use poor passwords. > It's called Password Reuse attacks or Password stuffing btw if you want to get more information about it. I've seen last week that some tools like PAF Credentials Checker (https://github.com/kindredgroup/paf-credentials-checker) are developped to detect potential use cases/occurrences to help mitigating the risks. Usual advice : use strong passwords (i.e. long enough with high entropy => generated&stored in a dedicated password manager) AND 1 different per service, never the same. Best regards, l0f4r0
