Password Spraying

What Is Password Spraying?

Password Spraying definition and explanation.

Password spraying is an adversarial password attack technique in which a few commonly used passwords are utilized on multiple accounts. Rather than applying multiple passwords on the same account as done in a brute force attack, multiple accounts are targeted. Password spraying can help adversaries to bypass the access controls applied, which might lock the user account if multiple wrong passwords are attempted. This technique commonly targets SSO (Single Sign-On) and cloud applications.

In a password spray attack, adversaries “spray” passwords at a large volume of usernames.

—Diana Kelley Cybersecurity Field CTO

Glossary
Read our related blog posts
Are Password Managers Broken?
January 26, 2023
Are Password Managers Broken?

Recent breaches raise concerns about password managers. Are they still safe to use?

The Password Security Conundrum
May 6, 2021
The Password Security Conundrum

Why password security continues to be a critical issue despite evolving authentication methods.

How to Protect Microsoft Active Directory Passwords?
November 3, 2021
How to Protect Microsoft Active Directory Passwords?

Best practices for protecting Microsoft Active Directory passwords from misuse and breaches.

About Scirge
Shedding Light on Shadow IT

Scirge gives organizations the tools to discover and manage Shadow IT by tracking where and how corporate credentials are used across SaaS, supply-chain, GenAI, and other web applications. It helps discover Shadow SaaS and Shadow AI, and identify risks like password reuse, shared accounts, and phishing, while providing real-time awareness messages, automated workflows, and actionable insights.

Trusted by
Ready to discover
Shadow IT?
Shadow AI?
any SaaS app?
any GenAI app?
any supply chain access?
corporate password reuse?
shared accounts?
successful phishing?
SSO accounts?
weak online passwords?
overlapping services?
Contact us
Shadow IT and SaaS Discovery
Cloud and Corporate Identity Protecion
Compliance and Governance
Company
Product
HomeFeaturesPricing
Shadow IT and SaaS Discovery
Shadow IT Visibility And Monitoring
Cloud Application and Identity Inventories
Agentless Historical Shadow IT Audit
Shadow IT and SaaS Security
Password Protection for Corporate and Cloud Identities
Employee Education And Engagement
Phishing Detecion and Awareness
Identity Governance
Compliance with Shadow IT and Shadow AI Monitoring
Asset Management and Supply Chain Control
Cloud Identity Lifecycle Management
Resources
BlogGlossary
Company
AboutContactPrivacy Policy
Shedding Light on Shadow IT
© Scirge, 2025
Close Cookie Popup
Cookie settings
By clicking "Accept all cookies", you agree to storing cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts as outlined in our privacy policy.
Accept all cookiesCookie settings
Close Cookie Preference Manager
Cookie settings
By clicking 'Accept all cookies', you agree to storing cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts as outlined in our privacy policy.
Strictly necessary (always active)
Cookies required to enable basic website functionality.
Accept all cookiesSave settings