top of page

myNetWatchman Releases Study on Credential and Password Reuse

Justin McDonald

Consumers are frequently reusing passwords & credentials according to a myNetWatchman review of criminal breach activity.

myNetWatchman data shows that criminals successfully used 68 million credentials (usernames & passwords) to access consumer accounts. Consumers re-used those credentials for multiple accounts, and more than 8 million were found by criminals to be valid (successful) at more than one site. Others report that 23 percent of all logins are ATO attempts while more than half of consumers reuse at least one password and the average direct financial cost of ATO to an organization is nearly $300 per account. The widespread availability of consumer credentials from data breaches combined with consumers’ tendency to reuse passwords across multiple sites and logins leaves organizations exposed to credential stuffing attacks.

myNetWatchman’s Credential and Password Reuse study leverages insights from our proprietary data that captures fraudster use of over 15 million new credentials per day, combined with public data sources and findings related to account takeover (ATO) and password reuse.

Just as a bad actor will test compromised payment card numbers to see which are active then use those cards to make fraudulent purchases, a bad actor will use a botnet to test a trove of username and password combinations across many sites to see where the same credential pair is also used.

While we know that passwords are inherently insecure, organizations must be careful about the level of friction presented at the login event, considering how and when step-up authentication is required for account access. Like fraud prevention at the transaction event, this must strike a balance between risk mitigation and user experience, relying on risk signals to determine when more friction is warranted.

Credential stuffing is the path of least resistance for ATO attacks, and simply put, ATO events are damaging and expensive. myNetWatchman’s study on Credential and Password Reuse discusses the data and trends around credential stuffing, how to detect these attacks and considerations around balancing ATO protection and user experience.

Download this free white paper to learn more.


Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page