Credential stuffing, per Wikipedia, is a type of cyberattack in which stolen account credentials, typically consisting of lists of usernames and/or email addresses and the corresponding passwords (often from a data breach), are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.

According to CloudFlare; the main reason that credential stuffing attacks are effective is that people reuse passwords. Studies suggest that a majority of users, by some estimates as high as 85%, reuse the same login credentials for multiple services. As long as this practice continues, credential stuffing will remain fruitful.

While using completely different passwords for all accounts is recommended, this can be hard to manage, and requires constantly updating a password manager or having great memory.

Part of the problem is websites relying on your email address as authentication identity.

CatchMailNot proposes that the email address should change for each account. For example; using [email protected] for your Netflix account, [email protected] for your Facebook account and so on. Making up a new email address is easy and does not require remembering or managing the email address. If you forget the address just search your inbox for the website name.

Credential stuffing attacks can not connect the dots between different email addresses, even if the email domain is the same. Different email accounts make the attacker believe that there are also different passwords.

As an added bonus, CatchMailNot scans which of your aliases are leaked and/or compromised so that you can change the affected credentials.