Password Spray

« Back to Glossary Index

Password spray is a type of cyber attack in which an attacker tries a single commonly used password (such as “password1”) with many different usernames, rather than trying multiple passwords with a single username. This approach allows the attacker to avoid detection by systems that are designed to lock out an account after a certain number of failed login attempts. The goal of a password spray attack is to gain access to a system or network by exploiting weak and commonly used passwords. This type of attack can be mitigated by using strong passwords, implementing multi-factor authentication, and monitoring for unusual login activity.

Download this Resource