Credential Stuffing Prevention Cheat Sheet covers defences against credential stuffing and password spraying attacks. Multi-factor authentication (MFA) is by far the best defense against the majority of password-related attacks, with analysis by Microsoft suggesting that it would have stopped 99.9% of account compromises. In many cases, these mechanisms will also protect against brute-force attacks. In isolation none of these are as effective as MFA, however if multiple defenses are implemented in a layered approach, they can provide a reasonable degree of protection.”]
Source: https://cheatsheetseries.owasp.org/cheatsheets/Credential_Stuffing_Prevention_Cheat_Sheet.html