Sunday 05 July 2026 05:33:13 GMT+02:00

Netcrook


WIKICROOK

Password spraying

Trying a small set of common passwords across many accounts to avoid lockouts.

Password spraying is a login attack where an adversary tests a small set of common passwords against many user accounts instead of hammering one account with many guesses. This strategy helps avoid account lockouts and reduces the chance that rate limits or brute-force alarms will trigger quickly. It is especially effective against organizations that allow weak passwords, legacy authentication, or poorly monitored cloud and email sign-ins.

In real attacks, password spraying often targets enterprise identity systems, VPNs, and webmail because one successful login can expose mailboxes, internal data, or further access paths. Defenders look for many accounts failing with the same password patterns, unusual authentication from new locations, and repeated attempts spaced out over time. Strong password policies, multifactor authentication, lockout monitoring, and disabling legacy protocols all reduce the impact of this technique.
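The detection idea above (many accounts failing from one origin, a few guesses per account, spread out over time) can be sketched as follows. This is an added example, not code from the original page; the log format, the thresholds and the function names are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events, assumed format: "timestamp source_ip username result".
SAMPLE_LOG = """\
2024-01-10T08:00:00 203.0.113.7 alice FAIL
2024-01-10T08:20:00 203.0.113.7 bob FAIL
2024-01-10T08:40:00 203.0.113.7 carol FAIL
2024-01-10T09:00:00 203.0.113.7 dave FAIL
2024-01-10T09:20:00 203.0.113.7 erin FAIL
2024-01-10T09:40:00 203.0.113.7 frank OK
2024-01-10T08:05:00 198.51.100.9 alice FAIL
2024-01-10T08:05:10 198.51.100.9 alice FAIL
2024-01-10T08:05:20 198.51.100.9 alice FAIL
2024-01-10T08:30:00 192.0.2.4 grace FAIL
2024-01-10T08:30:30 192.0.2.4 grace OK
"""

def parse_events(text):
    """Yield (time, source, user, ok) tuples from the log text."""
    for line in text.splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result == "OK"

def find_spray_sources(events, window=timedelta(hours=4),
                       min_accounts=5, max_per_account=2):
    """Flag sources whose failures inside one sliding window hit many
    accounts with few guesses each; also list accounts they logged into."""
    failures, successes = defaultdict(list), defaultdict(set)
    for ts, src, user, ok in events:
        if ok:
            successes[src].add(user)
        else:
            failures[src].append((ts, user))
    flagged = {}
    for src, items in failures.items():
        items.sort()
        start, per_user = 0, Counter()
        for ts, user in items:
            per_user[user] += 1
            while ts - items[start][0] > window:   # slide the window forward
                per_user[items[start][1]] -= 1
                start += 1
            active = +per_user                     # drop accounts with zero count
            if (len(active) >= min_accounts
                    and max(active.values()) <= max_per_account):
                flagged[src] = {"targets": sorted(active),
                                "succeeded": sorted(successes[src])}
    return flagged
```

On the sample data only the source that touches five accounts once each is flagged, and its successful login is listed for follow-up; the repeated guesses against one account and the single mistyped password are not. Shrinking the window to 30 minutes misses the same source, which is why the window has to be long enough to cover attempts spaced out over time.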
