The community needs more eyes like yours Mr. Michael Schmitz. Thank you for your contribution!!!Credential Stuffing is not an Attack form. It is collectin Passwords to use it on other sites..
What is missing here is: Password Spraying
or Rubberhose Attack, which is not mentioned in every Security Course.
Thank you for sharing.
Quite right. This is why both MSFT and Google have gone on a rampage about getting rid of Passwords. Sometimes, MFA can be a real pain in the butt - like trying to log in on my phone, having to switch to the authenticator app, and then losing the password session - wash-rinse-repeat. But really, MFA is a staple these days. Not using it just asking to be hacked.MFA and a lockout policy virtually eliminate every password attack.
I wonder if that doesn't break MFA down, though.MFA does not have to involve looking at the phone. I use Twilio Authy and have the app running on both my phone and my desktop computer. If I am at my desktop and get the MFA prompt, I just switch to the Authy app on the desktop and view the code.