jspωiki
Credential Reuse

Overview#

Credential Reuse is when an entity uses the same credential at more than one website or Service Provider

Many Identity and Access Management folks blame the users for Credential Reuse even when they have 10 or 1,000 Service Providers where these experts say they should have unique credentials. To Ldapwiki this is a Human Limitation and not a practical expectation to be achieved.

Once attackers have a collection of usernames and passwords from a breached website or Service Provider (easily acquired on any number of black market websites on the Internet), they know that if they use these same credentials on other websites there’s a chance they’ll be able to log in.

Credential Reuse Resolution#

Certainly Credential Vaults help with the Human Limitation but then there is still the possible Vulnerability of the Credential Vaults.

Multi-Factor Authentication is an reasonable Resolution to Credential Reuse

More Information#

There might be more information for this subject on one of the following: