Password Spraying: What Is It and How to Prevent a Password Spraying Attack
As cybercrime continues to develop, so do the tactics hackers use to gain unauthorized access to corporate networks. As long as people use passwords for logging into accounts, hackers will continue to seek and find ways to enter accounts and organizations. One clever way to exploit passwords? Password spraying. But what is it, and how do you prevent a password-spraying attack? Read more about it in this blog.
What is password spraying?
One of the most commonly used attacks is password spraying. Password spraying is a method of gaining access to accounts by entering a large number of usernames into a program. The program then tries a number of common (weak) passwords, such as “Welcome123,” “Password1!” or “ABC123!”, against each of those usernames. Any username and password pair that matches grants access to that account.
Sometimes, hackers use passwords from websites that have already been hacked, as many people still use the same password for multiple accounts.
As the name of this attack suggests, hackers “spray” passwords, hoping that one of the combinations used between username and password will work. This way, criminals can also gain access to multiple accounts at once.
Once hackers find an entrance into your organization, they could have access to all sorts of information, from product information to sensitive company data or your staff’s private data.
How to prevent a password spraying attack
A password-spraying attack can only be successful if employees use weak passwords or reuse their passwords for multiple accounts. The risk of password spraying has increased since many people use common passwords. Additionally, over 65 percent of internet users reuse passwords for multiple or even all of their accounts.
Due to the nature of a password-spraying attack, an entire organization can be in danger if only a few of its people use a weak password or reuse their passwords for multiple accounts.
Here’s what you can do to avoid a password-spraying attack:
Enact a strict cybersecurity policy
A strict cybersecurity policy that focuses on creating unique, complex passwords for every account is an important step in countering password-spraying attacks. If every employee has a strong password, cybercriminals will have fewer opportunities to enter your organization.
To enable this, it is important that your password policy is clear to every employee. Communicate about it frequently and via various channels to be sure that everyone is aware of it. With repeated campaigns on, for example, digital signage screens and screensavers on staff laptops, you constantly raise awareness for the risks of weak passwords. This is also a great way to share tips for strong passwords and show examples of weak passwords.
Pop-up alerts and notifications
With (prescheduled) pop-up alerts and notifications, you can regularly remind your colleagues when it’s time to create a new strong password and repeat how to create a strong password. An employee communication platform such as Netpresenter allows you to add read receipts, so you know people have genuinely read your message.
And for the people who haven’t, you can simply use our attention boosters. They will keep receiving the message – until they do read it. Annoying? Maybe, but when it comes to something as important as your organization’s cybersecurity, you’re allowed to be a tad annoying!
Company-wide cybersecurity education
Institute company-wide education for all employees to teach your staff about the dangers of password spraying and other cyber threats. Your staff will better comply with your cybersecurity policy when they understand why and how things can go wrong. Simply ordering staff to create stronger passwords won’t help as much – a little context and explanation on the dangers of weak passwords, the methods hackers use to break into accounts, and examples of how to create strong passwords will help your staff understand how they can help keep cybercriminals out of your organization.
The same goes for other cyberattacks, such as phishing and CEO fraud. Context and explanation always help raise awareness. Providing repeated cybersecurity education or training throughout the year is key to a culture of cybersecurity awareness. Campaigns can be repeated throughout the year via digital signage screens, wallpapers or lock screens, or a mobile app.
Question your employees about their knowledge from time to time by sending out a poll or survey, share trivia or small quizzes and make cybersecurity a priority for everyone in an interesting way. We have created a template pack of cybersecurity tips that can be easily installed on digital signage or screensavers, repeating important information and tips to keep your employees on their toes throughout the year:
Do you want to prevent password-spraying attacks using internal communication? Schedule a free 30-minute demo or get in touch with one of our consultants; they are happy to show you everything Netpresenter has to offer for your organization’s cybersecurity. Want to see how our customers use our platform to improve their cybersecurity? Read their stories for more inspiration.