Anyone who has attended a large sporting event knows that gaining internet access is a nightmare even in the best of circumstances! Thousands of people crammed into a stadium can disrupt your phone signal. Imagine if you could simply connect to the private stadium WiFi!
This is exactly what happened on Saturday during England's second rugby union test match against Australia at Suncorp Stadium...
Although a minor blunder, it serves as a stark reminder of the importance of good security practises and credential hygiene.
Weak credentials:
The password that was revealed was extremely weak and predictable. Hackers using a simple password cracking technique could easily gain access to the WiFi. Regardless of the cybersecurity measures in place across the Suncorp Stadium network, you are only as strong as your weakest password!
Keeper Security offers four tips for creating a strong master password:
- Length: Your password should be at least 8 characters long. The shorter your password, the less time it will take anyone to crack your code
- Avoid using a simple word, name, phone number, or address that is already in use by someone else
- Substitution: Try combining letters and numbers to spell out certain words. Instead of Hello!ILoveRugby, try something like H3ll0!I@E1vo5rBuy
- Use a variety of letters (upper and lower case), numbers, and symbols
Credential Stuffing:
Credential stuffing happens when an attacker already has your username and password, which is commonly obtained through data breaches. This example may appear obvious, but it is simply another example of a data breach! In order to log in as you, attackers will send automated requests containing these username and password combinations.
A targeted credential stuffing attack may succeed on the first try, whereas a large-scale campaign may try millions of different combinations against a single site. Dark web monitoring vendors such as Trillion offer the best defence against this type of attack. Trillion constantly monitors billions of account credentials as they pass through dark markets and criminal forums in search of the few hidden accounts that may affect you or your customers.
Conclusion:
All passwords in organisations and personal accounts should be complex and unique. Using a password manager like Keeper allows this to happen in a productive and efficient manner. You must be aware if your passwords have been leaked on the dark web. Solutions like Trillion can notify you of any breaches in real time, allowing you to act and secure your data with a new set of login credentials.
