Password spraying
Password spraying
(also password spraying attack, low-and-slow brute force attack)
Password spraying definition
Password spraying is a brute force attack that tries one popular password against many accounts instead of using different passwords on one account. Password spraying avoids account lockout from unsuccessful attempts, letting criminals operate undetected.
Real password spraying examples
Attacking company networks with predictable username conventions (such as name.lastname)
Attacking username lists obtained on the Dark Web
Attacking IMAP servers to spy on the email of higher-ranking staff
Stopping a password spraying attack
- Always change your default password
- Never use dictionary words or popular phrases as passwords
- Create strong and unique passwords for every account
- Use a password manager to keep track of complex passwords
- Set up multi-factor authentication