The present disclosure relates to computer-implemented methods, software, and systems for identifying potential attacks through monitoring of user credential login attempts across a network of websites. One example method includes receiving a request associated with an authentication of a requestor at a landscape environment. In response to receiving the request encrypted credentials responsive to the request are loaded at a credential manager running at the landscape environment. The encrypted credentials are persisted at a storage by the credential manager. The encrypted credentials include credentials that are encrypted with a public key and are provided in encrypted form to the credential manager. The encrypted credentials are provided to a credential usage component running at the landscape environment for decrypting the encrypted credential with a private key persisted by the credential usage component at the landscape environment.