What is Password Spraying?

By | September 21, 2018

We’ll tell you this: If we could spray your passwords and make them stronger, we’d be spraying your passwords right now. We have harped and harped and prodded you about using strong passwords, because if you don’t, you’re just making it easy for criminals and miscreants to gain access to your accounts – email accounts, bank accounts, credit card accounts, etc. Brute force password attacks are on the wane, but password spraying is on the rise. And if you use weak passwords, like helen1952, 12345678, password, candycane52, and so on, you’re just a cruisin’ for a bruisin’, we tells ya! If you want some easy tips that will help you build strong passwords, check out our post here.

Now, you’re curious about password spraying, right? OK. Here you go…

The following is from INFOSEC Institute:

“What is Password Spraying?

Password spraying refers to the attack method that takes a large number of usernames and loops them with a single password. We can use multiple iterations using a number of different passwords, but the number of passwords attempted is usually low when compared to the number of users attempted. This method avoids password lockouts, and it is often more effective at uncovering weak passwords than targeting specific users.

Note: For the success of a password attack, a good password list is essential. You can use certain tools like CEWL to generate target-specific lists in accordance, using words from websites, or come up with your own method. In the past, I have had a lot of success using MonthYear, welcome1, and organization1 and also simple passwords like qwerty12345…”

Read more about password spraying here…
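
Here is the defender's side of the pattern described in the quote above, as an added example that is not from the original post or from INFOSEC Institute: it flags a source whose failed logins touch many accounts while each account stays under the lockout count. The event tuples, IP addresses, usernames and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real logs): (ISO time, source IP, username, outcome).
USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
SAMPLE_EVENTS = (
    # One source, six accounts, one failure each: the spraying pattern.
    [(f"2018-09-21T09:0{i}:00", "203.0.113.7", u, "FAIL") for i, u in enumerate(USERS)]
    # One source hammering a single account: classic brute force.
    + [(f"2018-09-21T10:00:{i:02d}", "198.51.100.9", "alice", "FAIL") for i in range(8)]
    # A legitimate user who mistyped once, then logged in.
    + [("2018-09-21T11:00:00", "192.0.2.44", "bob", "FAIL"),
       ("2018-09-21T11:00:20", "192.0.2.44", "bob", "OK")]
)

# Assumed tuning values; set them from your own lockout policy and traffic.
WINDOW = timedelta(minutes=30)
MIN_USERS = 5
LOCKOUT = 5


def classify_sources(events, window=WINDOW, min_users=MIN_USERS, lockout=LOCKOUT):
    """Map each suspicious source IP to 'spray' or 'brute_force'."""
    failures = defaultdict(list)
    for ts, ip, user, outcome in events:
        if outcome == "FAIL":
            failures[ip].append((datetime.fromisoformat(ts), user))
    verdicts = {}
    for ip, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward
            per_user = defaultdict(int)
            for _, user in rows[start:end + 1]:
                per_user[user] += 1
            worst = max(per_user.values())
            if len(per_user) >= min_users and worst < lockout:
                verdicts[ip] = "spray"  # many accounts, none near lockout
                break
            if worst >= lockout:
                verdicts.setdefault(ip, "brute_force")
    return verdicts


if __name__ == "__main__":
    print(classify_sources(SAMPLE_EVENTS))
```

A spray paced slower than the window stays under these thresholds, so pair a short window with a longer one when tuning.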

2 thoughts on “What is Password Spraying?”

  1. Joyce

    For some reason for the past couple of Fridays I am not receiving your Cloudeight InfoAve Premium. I do not know why this just started to happen. How can I fix this?
    Thanks Joyce

    1. infoave Post author

      Joyce. We’ve sent our newsletter every week for 780 weeks now. If you didn’t receive it, it’s in your spam folder or it’s because your ISP (AOL – now part of OATH with Verizon & Yahoo) blocked it. We strongly urge you to get a free Gmail account https://www.gmail.com or an Outlook.com account https://www.outlook.com and use it to subscribe to the newsletter. If either of those ever marks our newsletter as spam you can go into the spam/junk folder and mark it “Not spam” or “Not junk” and it will always go into your inbox.

      It only takes a second to get a free Gmail or Outlook.com address. And it’s a good idea to have one or the other too. It’s always good to have a second email address just in case. If you get a Gmail or Outlook.com address and need help signing up for our newsletter with it, just let me know and I’ll help you with that.

