The 2021 Credential Stuffing Report explored the relationship between credential theft and credential stuffing, and allowed us to characterize this threat landscape as an interdependent ecosystem with a distinct lifecycle. In other words, before credentials can be stuffed, they must first be stolen and deciphered. This dependency shows how proper storage of passwords affects everyone, not just the victim of the theft.
This talk will explore the report's findings around password storage techniques and how they relate to credential theft events, and then provide recommendations for breaking this lifecycle and reducing the widespread risk of credential stuffing.