(also password spraying attack, low-and-slow brute force attack)

Password spraying definition

Password spraying is a brute force attack that tries one popular password against many accounts instead of trying many different passwords against one account. Because each account receives only a few failed attempts, password spraying avoids triggering account lockout, letting criminals operate undetected.

Real password spraying examples

  • Attacking company networks with predictable username conventions (such as name.lastname)
  • Attacking username lists obtained on the Dark Web
  • Attacking IMAP servers to spy on the email of higher-ranking staff

Stopping a password spraying attack

  • Always change your default password
  • Never use dictionary words or popular phrases as passwords
  • Create strong and unique passwords for every account
  • Use a password manager to keep track of complex passwords
  • Set up multi-factor authentication