# Credential Attacks and Defenses

One-sentence definition: Common methods to obtain or guess credentials and layered controls to stop them.

## Key Facts

- Attacks: phishing, password spraying, brute-force, credential stuffing.
- Defenses: phishing-resistant MFA (FIDO2), rate limits, breach password checks.
- Monitor impossible travel, new device, and atypical patterns.
- Harden helpdesk recovery; train users; DMARC/brand protection reduces phish.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose FIDO2 + adaptive controls for resistant posture.

**Mnemonic:** “**Steal** less with **strong** auth.”

## Mini Scenario

Q: Spray uses “Season2025!” across tenants—mitigation?

A: Ban common passwords, lockouts/rate-limits, MFA.

## Revision Checklist

- Name 3 attacks.
- Two technical defenses.
- Recovery hardening step.

## Related

[[Password Policy and Management]] · [[Passwordless and FIDO2 WebAuthn]] · [[Risk-Based and Adaptive Authentication]] · [[Single Sign-On (SSO) Patterns]] · [[Authentication Factors and MFA]] · [[Domain 5 - Index]]