What is Credential Stuffing and why do I care?
Credential stuffing sounds like something we might do around the holidays, but it's actually a rather sophisticated attack on known and vulnerable systems. Think about all of those sites out there that you may have an account on that got hacked… Right?! There is a list: Canva, Adobe, LinkedIn, Facebook, Marriott, and it goes on. Most likely you have an account on at least one of them, if not all. So no big deal, you changed your password on all of those, right?! Just go to your Apple settings and hit Password, or open your Google Chrome account and check your autofill passwords. There is actually a list already in there of all of your passwords that have been compromised and still have not been changed. Please change them!
This is a great first step, but you may be thinking: this is my personal stuff, so what does it have to do with my business and credential stuffing? Well, with the recent 23andMe attack we learned that the attackers used a process called credential stuffing. The idea is that a password you have used once, you will most likely use again (Smile123, anyone?), and that even if you don't reuse it, other offices might also use the same password. The attackers took passwords that had been breached and tried them on several thousand 23andMe accounts, ultimately gaining access to over 14,000 accounts this way.
The crazy part is that those more than 14,000 accounts had also opted in to sharing their data with other 23andMe users, and vice versa, allowing access to more than 6.9 million accounts.
With Henry Schein, ADA and other dental sites being hacked, dental passwords, or passwords commonly used in dental offices, are now starting to float around. Those passwords, which are such a burden for your front desk staff to use to get their job done, are now out there. Did you change them with your entire front desk, or is it too difficult to change all three of their password books? Or do you have a password Excel file on their desktop? Maybe you opt in to Chrome autofill. Either way, you need to make sure you have changed them for everyone, and for any account where you may have reused them, with a 12-digit secure password. The other part of this is to review and implement a secure way to store your passwords. None of the options above is secure, unless your password book is locked up in a safe and you track who accesses the safe. You can find more on that here.
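On the defending side, the pattern described above (one source trying breached passwords across many different accounts, with only a few logins succeeding) can be spotted in login records. The following is an added example, not code from the original post; the log format, field names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, outcome). Not real data.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i:03d}@example.com", "fail") for i in range(40)]
    + [("203.0.113.7", "frontdesk@example.com", "success"),
       ("203.0.113.7", "billing@example.com", "success")]
    + [("198.51.100.20", "hygienist@example.com", "fail"),
       ("198.51.100.20", "hygienist@example.com", "fail"),
       ("198.51.100.20", "hygienist@example.com", "success")]
)

def find_stuffing_sources(events, min_accounts=20, max_success_rate=0.10):
    """Flag sources that try many distinct accounts with few successes.

    Credential stuffing tries a breached password on each of many accounts,
    so a per-account lockout counter may never trip. Counting distinct
    usernames per source catches what that counter misses.
    Thresholds are illustrative assumptions; tune them to your own traffic.
    """
    per_source = defaultdict(lambda: {"users": set(), "attempts": 0, "hits": set()})
    for ip, user, outcome in events:
        stats = per_source[ip]
        stats["users"].add(user)
        stats["attempts"] += 1
        if outcome == "success":
            stats["hits"].add(user)

    findings = {}
    for ip, stats in per_source.items():
        rate = len(stats["hits"]) / stats["attempts"]
        if len(stats["users"]) >= min_accounts and rate <= max_success_rate:
            findings[ip] = {
                "accounts_tried": len(stats["users"]),
                "success_rate": round(rate, 3),
                # Accounts this source logged in to: reset these first.
                "compromised": sorted(stats["hits"]),
            }
    return findings

if __name__ == "__main__":
    for ip, info in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, info)
```

The staff member who mistypes a password twice and then gets in is not flagged, while the source that touched 42 accounts is, along with the two accounts it actually opened. Real campaigns often spread attempts over many source addresses, so the same count is worth running per network or per client fingerprint as well.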
Not sure where to start, or need someone to take a look at the way you are managing your passwords? Contact us to see how we help other dentists protect their patients, their practice and the future of their business. Let’s sit down to a quick strategy session and see where to start.