Get this book -> Problems on Array: For Interviews and Competitive Programming
Reading time: 10 minutes
Password Spraying is a form of cyber attack similar to an brute force attack, where the hacker tries to gain access to the company system by testing out a small number of commonly used passwords on a large number of accounts. This attack allows an attacker to gain access to multiple accounts, without getting locked out of the system.
Procedure For The Attack
- Initially, in this attack the attacker first collects the multiple credentials using social engineering and other phishing methods.
- After collecting the multiple credentials, the attacker further applies one of the credentials to a large number of accounts through some automated tool.
- After completing the first round of attack, the attacker carries out the second round of attack with another credential after a period of time so that the attacker doesn't get locked out of the system.
Mititgation For The Attack
Enable two-factor authentication and use complex passwords that cannot be easily guessed. Always change the password frequently to avoid misuse of old stolen passwords.
Password Spraying is which kind of attack?
What should be enabled to prevent this type of attack?
2 Factor Authentication