Security News > 2020 > August > Credential stuffing attacks can be stopped, says Auth0
Auth0 claims it can reduce the effectiveness of attacks using them by 85% with its new bot detection tool.
Access control provider Auth0 has released a new set of tools that it said can reduce the effectiveness of credential stuffing attacks by 85%. The new features are lumped together in what Auth0 calls Bot Detection, and all are designed to reduce the chance that a credential stuffing attack is successful.
Credential stuffing is a common method of brute-force cybercrime that involves using credentials stolen from one breached website to try logging in to another.
There's no guarantee that a person has an account with a target website, nor that they're using the same password, so credential stuffing attacks involve tossing stolen credentials at login pages by the bucketful.
Because credential stuffing attacks use login pages to exploit stolen credentials, the simplest way to interrupt their attack flow is to throw up a CAPTCHA page, which is what Bot Detection does by correlation of a variety of data sources to determine if what's happening is in fact an attack, and whether or not it's coming from a bot.