Password Spray

security

Attack technique that tries a few common passwords against many accounts to avoid lockout thresholds.

What is Password Spray?

Password spray attacks invert brute force: instead of trying many passwords against one account, they try a few passwords against many accounts. Because each account sees only one or two failed attempts, per-account lockout thresholds are never reached, and traditional controls that alert on repeated failures for a single account often miss the activity entirely. Attackers use lists of common passwords and target organizations with weak password policies.

In Microsoft 365

Azure AD Smart Lockout detects password spray patterns and blocks attacks even when individual accounts have not hit lockout thresholds. Password protection can ban common passwords. Identity Protection flags password spray detections in risk assessments.

Examples

  • Trying "Summer2024!" against all users
  • Testing "Password123" across the organization
  • Using organization name variations as passwords

Related TrueConfig Controls

These controls help you configure and verify defenses against password spray in your Microsoft 365 environment.

Frequently Asked Questions

What is Password Spray?
Attack technique that tries a few common passwords against many accounts to avoid lockout thresholds.
How does Password Spray work in Microsoft 365?
Azure AD Smart Lockout detects password spray patterns and blocks attacks even when individual accounts have not hit lockout thresholds. Password protection can ban common passwords. Identity Protection flags password spray detections in risk assessments.
What are examples of Password Spray?
Examples of Password Spray include: Trying "Summer2024!" against all users, Testing "Password123" across the organization, Using organization name variations as passwords.
Which TrueConfig controls relate to Password Spray?
TrueConfig controls related to Password Spray include: ID-05. These controls help you configure and verify defenses against password spray in your environment.