Password Spraying definition in Cybersecurity

Password spraying is a type of brute-force attack in which an attacker attempts to access a large number of accounts (usernames) with a few commonly used passwords. Unlike traditional brute-force attacks, which target one account at a time with many passwords, password spraying targets many accounts with only a few passwords in order to avoid account lockouts.

Notable Incidents

  1. 2018 Fortinet FortiGuard Labs Report
  2. 2020 Microsoft Detection of Password Spray Activity

How to Protect Your Network against Password Spraying

  1. Implement account lockout policies.
  2. Use multi-factor authentication (MFA).
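
Because spraying keeps each account's failure count low, it helps to count failed logins per source as well as per account. The Python sketch below is an added example, not part of the original page: it runs both views over constructed login events. The event format, thresholds and function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 9, 0)  # constructed base time

def ev(minute, src, user, ok=False):
    """Build one constructed login event: (time, source IP, username, success)."""
    return (T0 + timedelta(minutes=minute), src, user, ok)

# Constructed sample events (documentation IP ranges, made-up usernames).
EVENTS = (
    [ev(i, "203.0.113.7", u) for i, u in
     enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]    # spray
    + [ev(i, "198.51.100.9", "alice") for i in range(8)]               # one-account brute force
    + [ev(3, "192.0.2.4", "bob"), ev(4, "192.0.2.4", "bob", ok=True)]  # typo, then success
)

def lockout_trips(events, threshold=5):
    """Accounts a simple per-account failure counter would lock (no reset, assumed)."""
    fails = Counter(user for _, _, user, ok in events if not ok)
    return {user for user, n in fails.items() if n >= threshold}

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=3):
    """Flag sources that fail against many accounts, few tries each, within `window`."""
    by_source = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            by_source[src].append((ts, user))
    flagged = {}
    for src, fails in by_source.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            counts = Counter(user for _, user in fails[start:end + 1])
            wide = len(counts) >= min_users
            shallow = max(counts.values()) <= max_per_user
            if wide and shallow and len(counts) > len(flagged.get(src, [])):
                flagged[src] = sorted(counts)
    return flagged

if __name__ == "__main__":
    print("locked by per-account counter:", lockout_trips(EVENTS))
    print("flagged as spraying:", detect_spray(EVENTS))
```

On the sample data the per-account counter trips only for the account hit by the single-account brute force, while the per-source view flags the address that touched six accounts once each.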