Beat The Bots: Secure Logins

An attack against a username and password form that uses automated computer programs to repeatedly attempt to log in to a website with potential usernames and passwords is called a bot attack. Bot is shorthand for robot.

 

These bots are programmed to submit login requests in rapid succession, using various combinations of common and weak passwords, and can cycle through millions of attempts in a short period of time. This attack aims to gain unauthorised access to user accounts and steal sensitive data, such as financial information, personal data, or intellectual property. Cleaning up after this type of attack is often a laborious and thankless task.

The most common types of bot attacks against username and password forms include:

Brute force attacks: The bot systematically tries every possible combination of characters for the username and password until it finds the correct one. This type of attack can be very effective against weak passwords, but it can also take a very long time if the password is strong and complex.

Dictionary attacks: The bot uses a pre-existing list of commonly used passwords, dictionary words, and common phrases to guess the correct password. This type of attack can be faster than brute force attacks, but it may not be as effective if the user has chosen a unique password.

Credential stuffing attacks: The bot uses stolen username and password combinations from other data breaches to try and log in to other websites. This type of attack is particularly dangerous because many people use the same password for multiple accounts, making it easier for the attacker to gain access to multiple accounts using the same credentials.
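These patterns leave different traces in login logs: guessing attacks produce many failures against one account, while credential stuffing produces a few failures against each of many accounts. The following is an added example, not code from the original page or from Cipherise; the event format, sample events and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, success). Not real data.
SAMPLE_EVENTS = (
    [("203.0.113.5", "alice", False)] * 12
    + [("198.51.100.7", f"user{i}", False) for i in range(15)]
    + [("198.51.100.7", "user15", True)]
    + [("192.0.2.10", "bob", False), ("192.0.2.10", "bob", True)]
)

# Assumed thresholds for illustration; tune against real traffic.
MIN_FAILURES = 10          # ignore sources with fewer failed logins
STUFFING_MAX_PER_USER = 2  # stuffing tries each stolen pair once or twice


def classify_sources(events, min_failures=MIN_FAILURES):
    """Label each source IP by the shape of its failed logins."""
    failures = defaultdict(lambda: defaultdict(int))
    for ip, user, success in events:
        if not success:
            failures[ip][user] += 1

    verdicts = {}
    for ip, per_user in failures.items():
        total = sum(per_user.values())
        if total < min_failures:
            continue  # a person mistyping a password, not a bot
        heaviest = max(per_user.values())
        if len(per_user) >= min_failures and heaviest <= STUFFING_MAX_PER_USER:
            # Many accounts, few tries each: replayed breach credentials.
            verdicts[ip] = "credential_stuffing"
        elif heaviest >= min_failures:
            # Many guesses at one account: brute force or dictionary.
            # Logs without the attempted passwords cannot tell the two apart.
            verdicts[ip] = "password_guessing"
        else:
            verdicts[ip] = "suspicious_volume"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_EVENTS).items():
        print(ip, verdict)
```

Attackers who spread attempts across many source addresses will not trip a per-IP rule like this one, so the same counting is usually repeated per username as well.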

To protect against bot attacks, website owners can embed the Cipherise library in their mobile and web applications. The library authenticates users whilst eliminating the need for usernames and passwords. By incorporating the phone’s biometric verification, users can authenticate themselves, making the process fast and seamless. The bot attack is mitigated because there are no credentials for the end user. Problem solved.

If you want to know what this looks like, AustCyber run AUCyberscape. AUCYBERSCAPE is Australia’s first national cyber security digital ecosystem – showcasing Australian cyber security capability and opportunities globally. Cipherise protects this ecosystem, chosen out of all potential options to protect its membership portal.

Check out https://aucyberscape.com/login/, click login and see how difficult it is to execute a brute force attack. No one has succeeded to date. 

The best of the best choose and use Cipherise.
