How do you handle credential stuffing? Attackers will use a huge number of regul...

		kevincox on March 23, 2024 \| parent \| context \| favorite \| on: Google ordered to identify who watched certain You... How do you handle credential stuffing? Attackers will use a huge number of regular residential IPs or VPNs that you would expect to see logins from. How do you tell a credential stuff from a regular login? They are both coming from unknown IPs with normal login rates and they have valid credentials.

Because there’s a bit more to it than just tracking IPs and rates.