What is Password Spraying?
We’ll tell you this: If we could spray your passwords and make them stronger, we’d be spraying your passwords right now. We have harped and harped and prodded you about using strong passwords, because if you don’t, you’re just making it easy for criminals and miscreants to gain access to your accounts – email accounts, bank accounts, credit card accounts, etc. Brute force password attacks are on the wane, but password spraying is on the rise. And if you use weak passwords, like helen1952, 12345678, password, candycane52, and so on, you’re just a cruisin’ for a bruisin’, we tells ya! If you want some easy tips that will help you build strong passwords, check out our post here.
Now, you’re curious about password spraying, right? OK. Here you go…
The following is from INFOSEC Institute:
“What is Password Spraying?
Password spraying refers to the attack method that takes a large number of usernames and loops them with a single password. We can use multiple iterations using a number of different passwords, but the number of passwords attempted is usually low when compared to the number of users attempted. This method avoids password lockouts, and it is often more effective at uncovering weak passwords than targeting specific users.
Note: For the success of a password attack, a good password list is essential. You can use certain tools like CEWL to generate target-specific lists in accordance, using words from websites, or come up with your own method. In the past, I have had a lot of success using MonthYear, welcome1, and organization1 and also simple passwords like qwerty12345…”
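Because a spray keeps every account under the lockout limit, the lockout counter never fires; what gives it away is one source failing against many different accounts. The Python below is an added example for spotting that pattern, not code from INFOSEC Institute or this post; the event tuples, thresholds and function name are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _events(src, users, start_min=0, step_min=1):
    """Build constructed failed-login events: (ISO timestamp, source IP, username)."""
    t0 = datetime(2024, 1, 15, 9, 0)
    return [((t0 + timedelta(minutes=start_min + i * step_min)).isoformat(), src, u)
            for i, u in enumerate(users)]

# Constructed sample data (documentation IP ranges, made-up usernames).
SAMPLE_FAILURES = (
    _events("203.0.113.10", ["amy", "ben", "cara", "dev", "eli", "fay"], step_min=2)
    + _events("198.51.100.7", ["alice"] * 8)       # one account hammered
    + _events("192.0.2.44", ["bob", "bob"])        # an ordinary typo
)

def classify_sources(failures, window=timedelta(minutes=30),
                     min_users=5, max_per_user=3):
    """Return {source_ip: 'spray' | 'brute-force'} for suspicious sources.

    spray:       >= min_users distinct accounts failed inside one window,
                 none of them more than max_per_user times (under lockout).
    brute-force: some single account failed more than max_per_user times.
    """
    by_src = defaultdict(list)
    for ts, src, user in failures:
        by_src[src].append((datetime.fromisoformat(ts), user))

    verdicts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            worst = max(per_user.values())
            if len(per_user) >= min_users and worst <= max_per_user:
                verdicts[src] = "spray"
                break
            if worst > max_per_user:
                verdicts.setdefault(src, "brute-force")
    return verdicts

if __name__ == "__main__":
    print(classify_sources(SAMPLE_FAILURES))
```

A spray paced slower than the window slips past this check, so in practice the window and thresholds need tuning against the account lockout policy in use.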