Business and Enterprise
Protect your company from cybercriminals.Start Free Trial
Password spraying (or, a Password Spray Attack) is when an attacker uses common passwords to attempt to access several accounts on one domain. Using a list of common weak passwords, such as 123456 or password1, an attacker can potentially access hundreds of accounts in one attack.
Cybercriminals can gain access to several accounts at once, giving them access to business or personal accounts and personal information. If a cybercriminal gets into just one-third of your business’s accounts, they could have access to:
Another common attack is credential stuffing. Instead of cycling through common passwords, credential stuffing takes advantage of the fact that some people may use the same login credentials for various accounts and are “stuffed” into a different system’s login portal. These passwords are full verified credentials (typically username + password) and are often revealed in another system's data breach.
Unlike credential stuffing, password spray attacks are typically carried out with a spraying toolkit (a collection of software tools or a single program) and by gathering usernames from a directory or an open source. The toolkit is used with some commands to usurp the usernames and then spray a list of common passwords in an attempt to break into accounts.
Detecting a password spray attack early on can give you ample time to react and protect your accounts. Here's how.
MFA/2FA: Securing accounts with multi-factor authentication allows you to require another set of credentials to access your accounts, as well as provide notifications when a new device attempts to access them.
Dark Web Monitoring: Use a dark web monitoring service to secure your data and get notified if any of your credentials have been breached. BreachWatch® monitors the dark web for breached accounts and alerts you instantly so you can take action to protect your online identity.
Pay close attention to logins: Continuous inputting of bad usernames is generally a sign of an attack. Make sure your IT team is paying close attention to company logins and is notified when bad usernames are continuously inputted.
Monitor for an increase in account lockouts, authentication attempts or failed logins: Password spraying is dangerous, but not always successful. Make sure you’re notified when failed logins occur. Monitor failed logins for patterns. One or two consecutive failed logins may not always cause for alarm, but several failed logins from different accounts is worth looking into.
Use Multi-Factor Authentication: As mentioned previously, this requires extra credentials to log in to your accounts, and notifies you of attempted logins. Diversifying your 2FA/MFA requirements can add an extra layer of security. For example, don’t only use Time-Based One-Time Passwords (TOTP). Try using on certain sensitive accounts.
Don't use common passwords: Some of the most common passwords involve words like password, love and sequential numbers. Create unique, complex passwords for each account and don’t recycle passwords. A password manager can help you generate more strong, unique passwords, store them safely, and integrate them with third-party authentication software.
Take these measures to ensure your business and employees are protected:
The danger of password spraying has increased due to the frequent misuse of common passwords. Over 65% of internet users reuse their passwords across multiple or all of their accounts. You can see why password spraying can be so effective—it only takes a few people using poor passwords to jeopardize an entire business.