close

Keeper’s Guide to Password Spraying Attacks

Get Protected Now

Learn to understand, detect, and protect against Password Spraying Attacks

Learn to understand, detect, and protect against Password Spraying Attacks

Password spraying attacks can be a serious risk for both individuals and businesses. With the very real problem of password recycling and the widespread compromising of login credentials across the globe, protecting passwords is more important than ever.

In this guide, we’ll cover password spraying attacks, what they are, how to detect them, and how to protect yourself or your business from becoming a victim of these powerful cyberthreats.

What is Password Spraying?

Password Spraying (or, a Password Spray Attack) is when an attacker uses common passwords to attempt to access several accounts on one domain. Using a list of common passwords, such as 123456, password1, and more, an attacker can potentially access hundreds of accounts in one attack if the users aren’t using strong passwords.

The reason for this is that the majority of individuals use the commonly-used passwords and weak passwords on multiple websites, applications and systems. Cybercriminals dictionary these common passwords as the arsenal for their attacks.

Cybercriminals can gain access to several accounts at once, giving them access to business or personal accounts and personal information. Imagine a cybercriminal getting into just one-third of your business’s accounts. They could have access to:

  • Bank information
  • Personal information on employees
  • Benefits information, including account numbers
  • Sensitive company data
  • Product information
  • Trade secrets
  • Other login credentials

The danger of password spraying is only increased due to the frequent misuse of common passwords.

The danger of password spraying is only increased due to the frequent misuse of common passwords. Over 65% of internet users reuse their passwords across multiple or all of their accounts. Now you can see why password spraying can be so effective—it only takes a few people using poor passwords to jeopardise an entire business.

How do Password Spraying Attacks work?

Password spray attacks are typically carried out with a spraying toolkit (a collection of software tools or a single program) and by gathering usernames from a directory or an open source. The toolkit is used with some commands to usurp the usernames and then spray a list of common passwords in an attempt to break into accounts.

How do Password Spraying Attacks work?
Password Spraying vs. Credential Stuffing

Password Spraying vs. Credential Stuffing

Another common attack is credential stuffing, which is similar to password spraying, but with some key differences. Instead of cycling through common passwords, credential stuffing is where full verified credentials (typically username + password) are revealed, often from another system’s data breach, and are “stuffed” into a different system’s login portal.

How to Detect Password Spraying Attacks

Detecting a password spray attack early on can give you ample time to react and protect your accounts. Here’s how.

For Personal Users

  • MFA/2FA: Securing accounts with multi-factor authentication allows you to require another set of credentials to access your accounts, as well as provide notifications when a new device attempts to access them.
  • Keeper BreachWatch®: Use BreachWatch to secure your data and get notified if any of your credentials have been breached. BreachWatch monitors the dark web for breached accounts and alerts you instantly so you can take action to protect your online identity

For Business Users

  • Pay close attention to logins: Continuous inputting of bad usernames is generally a sign of an attack. Make sure your IT team is paying close attention to company logins and is notified when bad usernames are continuously inputted.
  • Monitor for an increase in account lockouts, authentication attempts or failed logins: Password spraying is dangerous, but not always successful. Make sure you’re notified when failed logins occur. Monitor failed logins for patterns. One or two consecutive failed logins isn’t always cause for alarm, but several failed logins from different accounts is worth looking into.

How to Prevent Password Spraying Attacks

For Personal Users

  • Use Multi-Factor Authentication. This requires extra credentials to log in to your accounts, and notifies you of attempted logins. Diversifying your MFA/2FA requirements can add an extra layer of security. For example, don’t only use TOTPs. Try using biometrics on certain sensitive accounts. Keeper supports popular methods of 2FA including:
    • SMS/Text Message
    • TOTP generator apps such as Google
    • Duo Security
    • RSA SecurID
    • Keeper DNA (using Apple Watch and Android Wear devices)
    • U2F-based physical keys such as YubiKey
  • Don’t use common passwords. Some of the most common passwords involve the words password, love, and sequential numbers. Create unique, complex passwords for each account and don’t recycle passwords. A password manager like Keeper can help you generate more strong, unique passwords, store them safely, and integrate with third-party authentication software.

For Business Users

  • Implement MFA and security questions on company portals
  • Use CAPTCHAs to prevent bots from logging into accounts with stolen credentials.
  • Use updated VPNs for the team to hide IP addresses and make it far more difficult for an attacker to narrow down your business’s exact IP addresses.
  • Enact a strict cybersecurity policy at your company that focuses on creating unique, complex passwords for every account. An Enterprise Password Management Platform (EPM) like Keeper can help facilitate this change, and can help you safely share passwords across the business without jeopardising company information.
  • Institute companywide education for all employees on the dangers of password spraying, other cybersecurity threats and the need for better passwords. This should include information on how to create better passwords, recognise threats, and what to do if you think your account has been breached.

Keeper Protects You, Your Family and Your Business Against Password Spraying Attacks.

Get Protected Now