What Is Password Spraying?

Password Spraying definition and explanation.

Password spraying is an adversarial password attack technique in which a few commonly used passwords are utilized on multiple accounts. Rather than applying multiple passwords on the same account as done in a brute force attack, multiple accounts are targeted. Password spraying can help adversaries to bypass the access controls applied, which might lock the user account if multiple wrong passwords are attempted. This technique commonly targets SSO (Single Sign-On) and cloud applications.

In a password spray attack, adversaries “spray” passwords at a large volume of usernames.

Diana Kelley Cybersecurity Field CTO