Stolen login credentials spiked by 160% in 2025.
Securing login credentials has never been more important. With compromised credentials surging by 160% in 2025 [1], it's clear that traditional security measures are no longer enough.
According to Verizon's 2025 Data Breach Investigations Report, stolen credentials were the root cause of 22% of data breaches in the same year [2]. This underscores the need for a more robust approach to credential security.
Check Point, a leading cybersecurity company, offers several recommendations to bolster credential security. One such recommendation is the implementation of Multi-Factor Authentication (MFA) [3]. MFA, which combines passwords with additional verification like biometrics or hardware tokens, significantly reduces the risk of account takeover even if credentials are leaked.
Another strategy is the adoption of Single Sign-On (SSO) and Identity and Access Management (IAM) policies. SSO reduces password sprawl and simplifies access governance, decreasing exposure points for attackers. IAM enforces least privilege, meaning users access only what they need, and applies conditional access policies that consider risk factors before granting access [1][2][3].
Regular and updated security awareness programs focused on detecting AI-enhanced phishing attempts and social engineering tactics are also crucial in reducing initial credential compromise [1][2][3].
Continuous monitoring for anomalous sign-ins and credential exposure on dark web forums is another essential measure. Solutions that monitor for stolen credentials appearing on dark web marketplaces or paste sites, and integrate threat intelligence with automated response workflows to quickly revoke access or require password resets, are invaluable in this regard [1][2][4].
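The monitoring-and-response loop described above can be sketched as follows. This is an added example, not code from Check Point or Verizon: the sign-in records, the exposure feed, the threshold and the action names are all constructed or hypothetical.

```python
from collections import defaultdict

# Constructed sample data: (iso_time, user, source_ip, country, success)
SIGN_INS = [
    ("2025-06-01T08:02:00", "alice", "192.0.2.10", "DE", True),
    ("2025-06-02T08:05:00", "alice", "192.0.2.10", "DE", True),
    ("2025-06-02T09:00:00", "bob", "192.0.2.22", "DE", True),
    ("2025-06-03T02:11:00", "alice", "203.0.113.7", "BR", False),
    ("2025-06-03T02:11:05", "bob", "203.0.113.7", "BR", False),
    ("2025-06-03T02:11:09", "carol", "203.0.113.7", "BR", False),
    ("2025-06-03T02:12:00", "alice", "203.0.113.7", "BR", True),
    ("2025-06-03T09:00:00", "carol", "192.0.2.30", "DE", True),
]
# Constructed stand-in for a threat-intelligence feed of exposed accounts.
EXPOSED = {"alice", "carol"}
STUFFING_THRESHOLD = 3  # distinct accounts failed from one IP (assumed value)


def triage(sign_ins, exposed, threshold=STUFFING_THRESHOLD):
    """Return ({user: action}, {ips flagged for credential stuffing})."""
    known = defaultdict(set)   # user -> countries of past successful sign-ins
    failed = defaultdict(set)  # source IP -> distinct users it failed against
    anomalous = set()
    for _, user, ip, country, ok in sorted(sign_ins):
        if not ok:
            failed[ip].add(user)
            continue
        # A success from a country never seen for this user is anomalous,
        # except for the user's very first sign-in (no baseline yet).
        if known[user] and country not in known[user]:
            anomalous.add(user)
        else:
            known[user].add(country)
    stuffing_ips = {ip for ip, users in failed.items() if len(users) >= threshold}
    actions = {}  # action names are hypothetical labels for a response workflow
    for user in exposed | anomalous:
        if user in exposed and user in anomalous:
            actions[user] = "revoke_sessions_and_reset_password"
        elif user in exposed:
            actions[user] = "force_password_reset"
        else:
            actions[user] = "require_mfa_step_up"
    return actions, stuffing_ips


if __name__ == "__main__":
    actions, ips = triage(SIGN_INS, EXPOSED)
    print(actions, ips)
```

An anomalous country is deliberately not added to the user's baseline, so a takeover in progress does not teach the detector to trust the attacker's location.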
Check Point also advises tightening up password management policies, including enforcing strong password policies, limiting login attempts, and restricting user rights to minimize lateral movement after compromise [2][3][4].
Network and endpoint protections, such as intrusion detection, firewalls, and restricting access to potentially dangerous third-party sites, are also key [3][4]. Monitoring corporate credentials on personal devices lacking endpoint protections is also important, as such devices often increase risk.
The increase in compromised credentials could be due to the use of AI in phishing attacks and an increase in stealer families. Organizations cannot completely prevent the theft of login credentials, but by implementing these strategies, they can significantly reduce the risk and respond more quickly when breaches occur.
Sources:
[1] Check Point. (n.d.). Protecting against credential theft: Best practices for MFA, SSO, IAM, and more. Retrieved from https://www.checkpoint.com/cybersecurity/protecting-against-credential-theft-best-practices-for-mfa-sso-iam-and-more/
[2] Verizon. (2025). 2025 Data Breach Investigations Report. Retrieved from https://www.verizon.com/business/resources/reports/dbir/2025-dbir/
[3] Check Point. (2022). Threat Prevention: Protecting against credential theft and phishing. Retrieved from https://www.checkpoint.com/security-management/threat-prevention/protecting-against-credential-theft-and-phishing/
[4] Check Point. (2023). Threat Prevention: Protecting against brute-force attacks and cross-account credential stuffing. Retrieved from https://www.checkpoint.com/security-management/threat-prevention/protecting-against-brute-force-attacks-and-cross-account-credential-stuffing/
[5] Check Point. (2022). Protecting against AI-powered phishing and Malware-as-a-Service threats. Retrieved from https://www.checkpoint.com/security-management/protecting-against-ai-powered-phishing-and-malware-as-a-service-threats/