Cracking the Problem of Credential StuffingExperts Urge Firms to Take a Holistic Approach to Ending Credential Stuffing Risks
Why is credential stuffing hard to solve? Are weak passwords the only reason behind credential-stuffing attacks? Experts Sanjay Singh, head of DevSecOps at gaming company Games24x7, and Navaneethan M., CISO at Groww, explain how geo-based authentication, user behavior analytics and AI can detect breaches.
Navaneethan says weak passwords aren't the main problem these days. "In case of weak passwords, if I do a brute force attack, it is more than enough, but it is no longer just about weak passwords but weak systems and whatever ecosystems the weak systems are connected to," says Navaneethan. "Companies are now looking at geo-based authentication and user behavior to authenticate."
Aside from a passwordless approach, Singh says, companies should continuously monitor systems 24/7. "The moment I find any anomaly, I have that information detected," Singh says. "Having AI- and ML-based monitoring will be helpful."
In this video interview with Information Security Media Group, Singh and Navaneethan discuss:
- How credential stuffing attacks have grown this year;
- Strategies for improving detection of credential stuffing attacks;
- The benefits of multifactor authentication.
Singh, who leads DevSecOps at Games24X7, drives cloud optimization, information security and DevOps practices in his organization.
Navaneethan, who leads security and IT at fintech company Groww, is experienced in CISO/CIO operations, strategic cybersecurity account management, enterprise security and risk management.