Password Spraying
An attack that tries a single common password against many accounts to avoid lockout detection.
Full Definition
Password spraying is a type of brute force attack where a threat actor attempts a single commonly used password — or a small set of passwords — against a large number of user accounts. This technique is designed to evade account lockout policies that trigger after multiple failed attempts on a single account.

By spreading attempts across many accounts rather than hammering one account repeatedly, password spraying flies under the radar of traditional lockout-based defenses. Common target passwords include seasonal variations (e.g., "Summer2024!"), company name patterns, and universally common passwords ("Password123").

Password spraying is particularly effective against large organizations and identity providers (Active Directory, Azure AD, Okta). Defenders can detect it by monitoring for low-frequency failed logins distributed across many accounts, which produces a different signature than traditional brute force.
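The detection signature described above can be checked directly against authentication logs. The following is an added example, not code from the original page or from Whiteintel: it groups failed logins by source address and, within a time window, labels a source as "spray" when many distinct accounts each fail only once or twice, and as "brute_force" when one account fails repeatedly. The log format, the sample events and the thresholds (window, account counts) are all constructed assumptions for illustration.

```python
"""Distinguish password spraying from single-account brute force in auth logs.

Added example, not part of the original glossary page. The log format is a
constructed one: one record per authentication attempt with an ISO timestamp,
username, source IP and outcome (FAIL or SUCCESS).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real log data): one source tries one guess
# against many accounts, a second source hammers a single account, a third
# is an ordinary user who mistyped once.
SAMPLE_LOG = """\
2024-06-01T09:00:01 alice 203.0.113.7 FAIL
2024-06-01T09:00:13 bob 203.0.113.7 FAIL
2024-06-01T09:00:27 carol 203.0.113.7 FAIL
2024-06-01T09:00:41 dave 203.0.113.7 FAIL
2024-06-01T09:00:55 erin 203.0.113.7 FAIL
2024-06-01T09:01:09 frank 203.0.113.7 FAIL
2024-06-01T09:01:22 grace 203.0.113.7 SUCCESS
2024-06-01T09:01:36 heidi 203.0.113.7 FAIL
2024-06-01T09:05:00 ivan 198.51.100.4 FAIL
2024-06-01T09:05:01 ivan 198.51.100.4 FAIL
2024-06-01T09:05:02 ivan 198.51.100.4 FAIL
2024-06-01T09:05:03 ivan 198.51.100.4 FAIL
2024-06-01T09:05:04 ivan 198.51.100.4 FAIL
2024-06-01T09:05:05 ivan 198.51.100.4 FAIL
2024-06-01T09:30:00 judy 192.0.2.9 FAIL
2024-06-01T09:30:40 judy 192.0.2.9 SUCCESS
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, user, ip, outcome) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, outcome = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, outcome))
    return events


def classify_sources(events, window=timedelta(minutes=10),
                     min_accounts=5, max_per_account=2, brute_min=5):
    """Label each source IP as 'spray', 'brute_force' or 'normal'.

    Thresholds are illustrative assumptions, not values from the page:
      spray       -> at least min_accounts distinct users failed within
                     `window`, but no single user failed more than
                     max_per_account times (the low-frequency, wide pattern)
      brute_force -> one user failed at least brute_min times within `window`
                     (the pattern classic lockout rules already catch)
    """
    failures_by_ip = defaultdict(list)
    for ts, user, ip, outcome in events:
        if outcome == "FAIL":
            failures_by_ip[ip].append((ts, user))

    labels = {}
    for ip, fails in failures_by_ip.items():
        fails.sort()
        label = "normal"
        # Slide a window starting at each failure and count per-user failures.
        for i, (start, _) in enumerate(fails):
            per_user = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start <= window:
                    per_user[user] += 1
            peak = max(per_user.values())
            if peak >= brute_min:
                label = "brute_force"
                break
            if len(per_user) >= min_accounts and peak <= max_per_account:
                label = "spray"
                break
        labels[ip] = label
    return labels


def successes_from_spray(events, labels):
    """Accounts that logged in successfully from a source labelled 'spray'.

    A spray that guessed one account correctly produces exactly this shape
    (one success amid many single failures), so these are the accounts to
    review and force a credential reset on.
    """
    return sorted({user for _, user, ip, outcome in events
                   if outcome == "SUCCESS" and labels.get(ip) == "spray"})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    verdicts = classify_sources(evs)
    for ip, verdict in sorted(verdicts.items()):
        print(f"{ip:15} {verdict}")
    print("accounts to review:", successes_from_spray(evs, verdicts))
```

Per-source grouping is a simplification: a spray run through a proxy pool spreads the same pattern across many addresses, so in production the same count (distinct accounts failing, each only once or twice) should also be computed per tenant or per time bucket without keying on the source IP.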
Related Terms
Brute Force Attack
An attack method that systematically tries all possible password combinations until the correct one is found.
Category: Attack Types

Credential Stuffing
Automated injection of stolen username/password pairs to gain unauthorized access to accounts.
Category: Attack Types

Account Takeover (ATO)
Unauthorized access to a user account by exploiting stolen credentials.
Category: Attack Types

Multi-Factor Authentication (MFA)
A security mechanism requiring two or more forms of verification before granting access.
Category: Defensive Security