Glossary
Password Spraying
Instead of trying 1000 passwords on one account (which gets locked), password spraying tries one common password like 'Summer2024!' on 1000 accounts. Some will work because people use predictable passwords. It's slow but effective and hard to detect.
What is Password Spraying?
An attack that tries a small number of commonly used passwords against many accounts, avoiding account lockouts that would occur from multiple failed attempts on a single account.
Why Should You Care?
Understanding password spraying is essential for building a strong security posture. This knowledge helps organizations identify threats early and respond appropriately.
Real-World Example
Security teams regularly encounter password spraying in their day-to-day operations. Recognizing and responding to these scenarios is a core security competency.
How to Protect Against Password Spraying
1. Enforce strong password policies
2. Require MFA for all accounts
3. Monitor for distributed login failures
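One way to monitor for distributed login failures, added here as an example and not part of the original glossary entry. The event tuple layout, the thresholds and the `detect_spray` name are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict, deque

# Constructed sample events: (epoch_seconds, source_ip, username, success).
# 203.0.113.7 fails once on each of 8 accounts; 198.51.100.9 hammers one account.
SAMPLE_EVENTS = (
    [(1000 + 60 * i, "203.0.113.7", f"user{i}", False) for i in range(8)]
    + [(1000 + 5 * i, "198.51.100.9", "alice", False) for i in range(8)]
    + [(1200, "192.0.2.4", "bob", False), (1230, "192.0.2.4", "bob", True)]
)


def detect_spray(events, window_s=1800, min_accounts=5, max_per_account=2,
                 group_by_source=True):
    """Flag groups whose failed logins within a sliding window touch many
    accounts with only a few failures each. Returns {group: [usernames]}."""
    failures = defaultdict(list)
    for ts, source, user, success in events:
        if not success:
            failures[source if group_by_source else "*"].append((ts, user))

    flagged = {}
    for group, rows in failures.items():
        rows.sort()
        window, per_user = deque(), Counter()
        for ts, user in rows:
            window.append((ts, user))
            per_user[user] += 1
            # Expire failures older than the window.
            while ts - window[0][0] > window_s:
                _, old = window.popleft()
                per_user[old] -= 1
                if per_user[old] == 0:
                    del per_user[old]
            # Spray shape: wide across accounts, shallow on each one.
            shallow = [u for u, n in per_user.items() if n <= max_per_account]
            if len(shallow) >= min_accounts:
                flagged.setdefault(group, set()).update(shallow)
    return {g: sorted(users) for g, users in flagged.items()}


if __name__ == "__main__":
    for group, users in detect_spray(SAMPLE_EVENTS).items():
        print(f"possible spray from {group}: {len(users)} accounts")
```

Calling it with `group_by_source=False` pools all failures together, which covers failures spread across many source addresses; the thresholds need tuning against normal failed-login volume.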