What is Password Spraying?

What is Password Spraying?

Password spraying (or, a Password Spray Attack) is when an attacker uses common passwords to attempt to access several accounts on one domain. Using a list of common weak passwords, such as 123456 or password1, an attacker can potentially access hundreds of accounts in one attack.

Cybercriminals can gain access to several accounts at once, giving them access to business or personal accounts and personal information. If a cybercriminal gets into just one-third of your business’s accounts, they could have access to:

  • Bank information
  • Personal information on employees
  • Benefits information, including account numbers
  • Sensitive company data
  • Product information
  • Trade secrets
  • Other login credentials

Password Spraying vs. Credential Stuffing

Another common attack is credential stuffing. Instead of cycling through common passwords, credential stuffing takes advantage of the fact that some people may use the same login credentials for various accounts and are “stuffed” into a different system’s login portal. These passwords are full verified credentials (typically username + password) and are often revealed in another system's data breach.

Unlike credential stuffing, password spray attacks are typically carried out with a spraying toolkit (a collection of software tools or a single program) and by gathering usernames from a directory or an open source. The toolkit is used with some commands to usurp the usernames and then spray a list of common passwords in an attempt to break into accounts.

How to Detect Password Spraying Attacks

Detecting a password spray attack early on can give you ample time to react and protect your accounts. Here's how.

Detecting Password Spraying For Personal Users

MFA/2FA: Securing accounts with multi-factor authentication allows you to require another set of credentials to access your accounts, as well as provide notifications when a new device attempts to access them.

Dark Web Monitoring: Use a dark web monitoring service to secure your data and get notified if any of your credentials have been breached. BreachWatch® monitors the dark web for breached accounts and alerts you instantly so you can take action to protect your online identity.

Detecting Password Spraying For Business Users

Pay close attention to logins: Continuous inputting of bad usernames is generally a sign of an attack. Make sure your IT team is paying close attention to company logins and is notified when bad usernames are continuously inputted.

Monitor for an increase in account lockouts, authentication attempts or failed logins: Password spraying is dangerous, but not always successful. Make sure you’re notified when failed logins occur. Monitor failed logins for patterns. One or two consecutive failed logins may not always cause for alarm, but several failed logins from different accounts is worth looking into.

How to Prevent Password Spraying

Detecting Password Spraying For Personal Users

Use Multi-Factor Authentication: As mentioned previously, this requires extra credentials to log in to your accounts, and notifies you of attempted logins. Diversifying your 2FA/MFA requirements can add an extra layer of security. For example, don’t only use Time-Based One-Time Passwords (TOTP). Try using on certain sensitive accounts.

Don't use common passwords: Some of the most common passwords involve words like password, love and sequential numbers. Create unique, complex passwords for each account and don’t recycle passwords. A password manager can help you generate more strong, unique passwords, store them safely, and integrate them with third-party authentication software.

Preventing Password Spraying as a Business User

Take these measures to ensure your business and employees are protected:

  • Implement MFA and security questions on company portals
  • Use CAPTCHAs to prevent bots from logging into accounts with stolen credentials
  • Use updated VPNs for the team to hide IP addresses and make it far more difficult for an attacker to narrow down your business’s exact IP addresses.
  • Enact a strict cybersecurity policy at your company that focuses on creating unique, complex passwords for every account.
  • Institute companywide education for all employees on the dangers of password spraying, other cybersecurity threats and the need for better passwords. Include information on how to create better passwords, recognize threats, and what to do if you think your account has been breached.

Stay Protected at All Times

The danger of password spraying has increased due to the frequent misuse of common passwords. Over 65% of internet users reuse their passwords across multiple or all of their accounts. You can see why password spraying can be so effective—it only takes a few people using poor passwords to jeopardize an entire business.

close
Business Sales
Support
closeChoose Language
Cookie Consent Preferences

Keeper Security uses 1st and 3rd party cookies to store and track information about your usage of our services and to provide a better website experience. We also may share this data in its aggregate form with advertisers, affiliates, and partners. Learn More

Decline Accept

Chat with Support

You must accept cookies to use Live Chat.

close

Business and Enterprise

Protect your company from cybercriminals.

Start Free Trial

Public Sector and FedRAMP

Protect your agency and educational institution from cybercriminals.

Contact Sales

MSPs

Protect your MSP organization, your end customers and add new revenue streams.

Start Free Trial

Personal and Family

Protect yourself and your family from cybercriminals.

Get Protected
English (US) Call Us
Try it Free
Download on the App Store Get it on Google Play