What is Password Spraying & Why You Should Care
Passwords have been with us for a very long time. In fact, the computer password recently celebrated its 60th birthday, having begun in an MIT lab in the fall of 1961.
As we approach 2022, it is estimated that there are well over 300 billion passwords in use worldwide and almost everyone knows the basics of good password security – right?
Well, maybe, maybe not. The evidence would say not, and the statistics remain shocking.
What is Password Spraying
I picked that statistic, not only because it clearly highlights how big an issue bad password security remains, but also because Forbes recently reported on a rapidly rising cyberattack type that very much relates to that statistic specifically.
That attack type is Password Spraying. So, what exactly is it?
The easiest way to explain password spraying is to compare it to a much better-known password attack type, the “Brute Force” attack.
A “brute force” attack targets a small number of accounts with a substantial volume of ‘password guesses’ and is the reason why a longer password is a stronger password – it takes much (much, much) longer to cycle through every password combination for 12 characters than it does for 6 characters.
“Password Spraying”, though, flips this on its head and targets a huge number of accounts with a small number of “password guesses” – and as you might expect, those “guesses” are the passwords that are most commonly used – such as our friend “123456”.
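The difference between the two attack shapes shows up clearly in failed-login records. The following is an added example, not part of the original article: it labels each source by how its failed guesses are spread across accounts, and shows that a simple per-account failure counter notices the brute-force target but none of the sprayed accounts. The log entries, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of failed logins as (source_ip, username) pairs.
# Addresses are from documentation ranges; this is not real log data.
FAILED_LOGINS = (
    [("198.51.100.7", f"user{i:02d}") for i in range(30)]  # 30 accounts, 1 guess each
    + [("203.0.113.9", "alice")] * 40                      # 1 account, 40 guesses
    + [("192.0.2.44", "bob")] * 2                          # an ordinary typo
)

def classify_sources(events, min_accounts=10, max_per_account=3, brute_min=20):
    """Label each source by the shape of its failed logins.

    spray:       many distinct accounts, only a few guesses at each
    brute_force: a large number of guesses at a small number of accounts
    Thresholds are illustrative assumptions, to be tuned per environment.
    """
    per_source = defaultdict(lambda: defaultdict(int))
    for src, user in events:
        per_source[src][user] += 1

    verdicts = {}
    for src, counts in per_source.items():
        accounts = len(counts)          # how wide the guessing is
        heaviest = max(counts.values()) # how deep it goes on one account
        if accounts >= min_accounts and heaviest <= max_per_account:
            verdicts[src] = "spray"
        elif heaviest >= brute_min:
            verdicts[src] = "brute_force"
        else:
            verdicts[src] = "normal"
    return verdicts

def accounts_over_threshold(events, threshold=5):
    """Accounts that a per-account failure counter alone would flag."""
    per_user = defaultdict(int)
    for _src, user in events:
        per_user[user] += 1
    return sorted(u for u, n in per_user.items() if n >= threshold)

if __name__ == "__main__":
    print(classify_sources(FAILED_LOGINS))
    print(accounts_over_threshold(FAILED_LOGINS))
```

Counting failures per source across all accounts is what makes the spray visible; counting per account only sees a single failed guess on each of the 30 sprayed users.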
Protect yourself from Password Spraying attacks
This is a simple one – avoid those commonly used, simple passwords that are the punchlines in a million cyber security memes.
Here’s a list of the 10 most used passwords in 2021 – seriously, if you have an account anywhere that uses one of these – change it now!
It really is that simple.
So, if “123456” is out, what should I use instead?
Password spraying is not the only reason to use “strong” passwords – but it is a good one all the same.
To create a “strong” password, follow this short guide.
- Longer = stronger: Make your passwords at least 8 characters long, preferably even longer.
- Complexity: Your passwords should contain at least one uppercase letter, one lowercase letter, one number and one special character.
There are other tricks, such as using a passphrase, but as long as you follow these 2 simple steps your passwords will be drastically more difficult to crack and won’t typically be included in the “guesses” used in Password Spraying-type attacks.
Even better, where possible, secure your important passwords with further authentication methods, such as 2-factor authentication or biometrics (facial recognition, fingerprint scanning, or retinal scanning).
About the author…
Julian has over 20 years of experience as a technical salesperson for IT Managed Service Providers (MSPs) and likes nothing more than a cup of coffee and a chat about how to cure your IT headaches.