Keeper’s Guide to Password Spraying Attacks

Password Spraying (or, a Password Spray Attack) is when an attacker uses common passwords to attempt to access several accounts on one domain. Using a list of common passwords, such as 123456, password1, and more, an attacker can potentially access hundreds of accounts in one attack if the users aren’t using strong passwords.

The reason for this is that the majority of individuals use the commonly-used passwords and weak passwords on multiple websites, applications and systems. Cybercriminals dictionary these common passwords as the arsenal for their attacks.

Cybercriminals can gain access to several accounts at once, giving them access to business or personal accounts and personal information. Imagine a cybercriminal getting into just one-third of your business’s accounts. They could have access to:

• Bank information
• Personal information on employees
• Benefits information, including account numbers
• Sensitive company data
• Product information
• Trade secrets
• Other login credentials

For Personal Users

• MFA/2FA: Securing accounts with multi-factor authentication allows you to require another set of credentials to access your accounts, as well as provide notifications when a new device attempts to access them.
• Keeper BreachWatch^®: Use BreachWatch to secure your data and get notified if any of your credentials have been breached. BreachWatch monitors the dark web for breached accounts and alerts you instantly so you can take action to protect your online identity

For Business Users

• Pay close attention to logins: Continuous inputting of bad usernames is generally a sign of an attack. Make sure your IT team is paying close attention to company logins and is notified when bad usernames are continuously inputted.
• Monitor for an increase in account lockouts, authentication attempts or failed logins: Password spraying is dangerous, but not always successful. Make sure you’re notified when failed logins occur. Monitor failed logins for patterns. One or two consecutive failed logins isn’t always cause for alarm, but several failed logins from different accounts is worth looking into.

For Personal Users

• Use Multi-Factor Authentication. This requires extra credentials to log in to your accounts, and notifies you of attempted logins. Diversifying your MFA/2FA requirements can add an extra layer of security. For example, don’t only use TOTPs. Try using biometrics on certain sensitive accounts. Keeper supports popular methods of 2FA including:
  • SMS/Text Message
  • TOTP generator apps such as Google
  • Duo Security
  • RSA SecurID
  • Keeper DNA (using Apple Watch and Android Wear devices)
  • FIDO WebAuthn-based physical keys such as YubiKey
• Don’t use common passwords. Some of the most common passwords involve the words password, love, and sequential numbers. Create unique, complex passwords for each account and don’t recycle passwords. A password manager like Keeper can help you generate more strong, unique passwords, store them safely, and integrate with third-party authentication software.

For Business Users

• Implement MFA and security questions on company portals
• Use CAPTCHAs to prevent bots from logging into accounts with stolen credentials.
• Use updated VPNs for the team to hide IP addresses and make it far more difficult for an attacker to narrow down your business’s exact IP addresses.
• Enact a strict cybersecurity policy at your company that focuses on creating unique, complex passwords for every account. An Enterprise Password Management Platform (EPM) like Keeper can help facilitate this change, and can help you safely share passwords across the business without jeopardizing company information.
• Institute companywide education for all employees on the dangers of password spraying, other cybersecurity threats and the need for better passwords. This should include information on how to create better passwords, recognize threats, and what to do if you think your account has been breached.