How many of your users are using insecure and compromised passwords? You may have a standard password strength meter on your site so you may think that your users have secure passwords. Think again. Password strength meters and password complexity requirements are simply not enough.
Billions of user credentials (usernames and passwords) have been exposed publicly over the last few years. The natural question that comes up is “what do cybercriminals do with these stolen credentials?” Well, apart from using them to attempt logins to the breached website itself, the second most common thing cybercriminals will do with stolen credentials is to use them in an attack called “credential stuffing.”