Password Spraying

Question

What is password spraying, why is it dangerous, and how can I prevent it?


Answer

What is it?

Password spraying happens when an attacker loads a list of usernames into a program and runs (sprays) a small set of passwords against every username on the list. The attacker hopes that at least one username and password combination will work. Attackers typically try common passwords against the usernames, because those are the ones most likely to succeed, and they try only a few passwords per account so that lockout rules are not triggered.

Why is it dangerous?

An attacker needs just one of those passwords to match a username in order to log in and compromise a system, network, organization, etc. Because the attempts are spread across many accounts, each account sees only one or two failures, so the activity is easy to miss if you only watch for repeated failures on a single account.
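The pattern described above (one source trying many usernames with only a few attempts each, as opposed to hammering one account) is what a defender looks for in authentication logs. The following is an added example, not code from the original page: it parses a few constructed syslog-style lines, groups failed logins per source address inside a sliding time window, flags sources that touch at least five distinct accounts with no more than a few failures per account, and lists any successful login from a flagged source so those accounts can be reset first. The log format, thresholds and addresses are all assumptions made for the example.

```python
"""Flag a password-spraying pattern in authentication logs (added example).

Spraying: many distinct usernames from one source, few attempts each.
Brute force: many attempts against one username. The checker below
separates the two by counting distinct users per source within a window.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed syslog-like format; not real data.
SAMPLE_LOG = """\
2024-03-01T10:00:01 auth: Failed password for alice from 203.0.113.7
2024-03-01T10:00:02 auth: Failed password for bob from 203.0.113.7
2024-03-01T10:00:03 auth: Failed password for carol from 203.0.113.7
2024-03-01T10:00:04 auth: Failed password for dave from 203.0.113.7
2024-03-01T10:00:05 auth: Failed password for erin from 203.0.113.7
2024-03-01T10:00:06 auth: Accepted password for frank from 203.0.113.7
2024-03-01T10:00:07 auth: Failed password for alice from 198.51.100.3
2024-03-01T10:00:08 auth: Failed password for alice from 198.51.100.3
2024-03-01T10:00:09 auth: Failed password for alice from 198.51.100.3
2024-03-01T10:00:10 auth: Failed password for alice from 198.51.100.3
2024-03-01T10:00:11 auth: Failed password for alice from 198.51.100.3
2024-03-01T10:00:12 auth: Failed password for alice from 198.51.100.3
2024-03-01T11:30:00 auth: Failed password for bob from 192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse_log(text):
    """Turn matching lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "src": m["src"],
        })
    return events


def find_spraying(events, window=timedelta(minutes=15), min_users=5, max_per_user=3):
    """Return {source: sorted usernames} for sources whose failures look like a spray.

    A source is flagged when, inside any `window`, it fails against at least
    `min_users` distinct accounts with no account failing more than
    `max_per_user` times (thresholds are assumptions; tune to your environment).
    """
    failures_by_src = defaultdict(list)
    for e in events:
        if not e["ok"]:
            failures_by_src[e["src"]].append(e)

    flagged = {}
    for src, evs in failures_by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            per_user = defaultdict(int)
            for e in evs[start:end + 1]:
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged[src] = sorted(per_user)
                break
    return flagged


def successes_from_flagged(events, flagged):
    """Accounts that logged in successfully from a flagged source: reset these first."""
    return sorted({e["user"] for e in events if e["ok"] and e["src"] in flagged})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    hits = find_spraying(evs)
    for src, users in hits.items():
        print(f"possible spray from {src}: {len(users)} accounts {users}")
    print("successful logins from flagged sources:", successes_from_flagged(evs, hits))
```

In the sample, 203.0.113.7 is flagged (five accounts, one failure each, then a success as frank) while 198.51.100.3 is not, because six failures against alice alone is a brute-force pattern that a per-account lockout already handles. The two rules are complementary: lockout per account catches brute force, per-source distinct-user counting catches spraying.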

How do you combat these attacks?

  • Use passwords that are unique to you:
    • include a mix of symbols, numbers, and lower- and upper-case letters
    • avoid words you would find in a dictionary
    • consider using a phrase or sentence, then taking the first letter of each word and adding symbols and numbers that make sense to you and are easy to remember

  • Do NOT reuse passwords. Why? Because if one of your personal accounts is compromised, attackers will try the password they discovered against your other accounts.

    Want to check whether any of your accounts have been part of a known data breach?
    Copy and paste this link into your browser's address bar to find out: https://haveibeenpwned.com/

If your account was involved in a breach

  1. Make sure you have changed your password since the date the breach occurred
  2. Never reuse the old compromised password again

Top 20 Most Common Passwords

If you use any of these passwords, change them immediately!

  • 123456
  • 123456789
  • Qwerty
  • Password
  • 12345
  • 12345678
  • 111111
  • 1234567
  • 123123
  • Qwerty123
  • 1q2w3e
  • 1234567890
  • DEFAULT
  • 0
  • Abc123
  • 654321
  • 123321
  • Qwertyuiop
  • Iloveyou
  • 666666
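The list above is exactly the kind of wordlist an attacker sprays, so the cheapest defense is to refuse such passwords at the point where they are set. The following is an added example, not code from the original page: it checks a candidate password against the 20 entries above (compared case-insensitively, since "qwerty" is as weak as "Qwerty"), against a small constructed stand-in for a dictionary wordlist (a real deployment would load a full wordlist), and against the character-mix guidance given earlier on this page. The function and wordlist names are assumptions for the example.

```python
"""Password policy check built from the guidance on this page (added example)."""

# The page's top-20 list, lower-cased once so comparisons are case-insensitive.
COMMON_PASSWORDS = {p.lower() for p in [
    "123456", "123456789", "Qwerty", "Password", "12345", "12345678",
    "111111", "1234567", "123123", "Qwerty123", "1q2w3e", "1234567890",
    "DEFAULT", "0", "Abc123", "654321", "123321", "Qwertyuiop",
    "Iloveyou", "666666",
]}

# Constructed stand-in for a dictionary wordlist (assumption: a real system
# would load something like /usr/share/dict/words here).
DICTIONARY = {"password", "welcome", "summer", "dragon", "monkey", "football"}

# Characters people commonly bolt onto a dictionary word to "satisfy" a policy.
PADDING = "0123456789!@#$%^&*."


def check_password(pw):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    low = pw.lower()

    if low in COMMON_PASSWORDS:
        problems.append("in common-password list")

    # "Password1!" is still the dictionary word "password" once padding is removed.
    if low.strip(PADDING) in DICTIONARY:
        problems.append("dictionary word")

    has_lower = any(c.islower() for c in pw)
    has_upper = any(c.isupper() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(not c.isalnum() for c in pw)
    if not (has_lower and has_upper and has_digit and has_symbol):
        problems.append("needs lower, upper, digit and symbol")

    return problems


def passphrase_acronym(phrase):
    """First letter of each word, as the page suggests; the user then adds symbols/digits."""
    return "".join(word[0] for word in phrase.split() if word)


if __name__ == "__main__":
    for candidate in ["qwerty", "Password1!", "Ilrfm@7pm!"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
    print(passphrase_acronym("I like running five miles at 7 pm"))
```

A password that passes every check here is not automatically strong (length and entropy matter too), but rejecting the spray wordlist and padded dictionary words removes exactly the guesses a spraying campaign relies on.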