Protect Your Accounts from Password Spraying

Brute force attacks on passwords are characterized by carrying out hundreds of thousands of attempts to guess the password of a single account and gain access. However, there is another technique that can affect many more users at once. It is known as Password Spraying, and it underlines the importance of not using common, easy-to-guess passwords.

What is Password Spraying?

Whenever we create a password, we should follow a series of guidelines to make it strong and complex, all with the goal of making it harder for possible intruders to get in. In reality, however, users do not always do this, and Password Spraying takes advantage of that: it relies on the weak, common passwords that users choose to access their accounts. For example, 123456 remains one of the most used passwords. In short, Password Spraying attacks are based on the mistakes users make through carelessness when creating passwords, and the probability that passwords of this kind are in use is quite high.

By trying a single common password against many accounts, an attacker can gain access to several of them at once. Because each account receives only one or a few attempts, Password Spraying stays inconspicuous and sidesteps security measures such as account lockout after multiple failed attempts. We frequently learn about leaks of extensive lists of usernames and passwords. Those records can be processed, or simply filtered by the passwords found in them, to see which passwords are most common. For example, an attacker may have the opportunity to compromise 10,000 accounts using a single simple password, be it "password123" or "password".
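As an added illustration (not code from the original article), the following Python script shows how a defender can spot the pattern described above in authentication logs: one source touching many distinct accounts within a short window while staying below the lockout threshold for each of them. The log lines, their format and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed-authentication log lines (not from the article).
# Assumed format: "<ISO timestamp> FAIL user=<account> src=<ip>"
SAMPLE_LOG = """\
2024-03-01T09:00:01 FAIL user=alice src=203.0.113.7
2024-03-01T09:00:03 FAIL user=bob src=203.0.113.7
2024-03-01T09:00:05 FAIL user=carol src=203.0.113.7
2024-03-01T09:00:07 FAIL user=dave src=203.0.113.7
2024-03-01T09:00:09 FAIL user=erin src=203.0.113.7
2024-03-01T09:00:11 FAIL user=frank src=203.0.113.7
2024-03-01T09:01:00 FAIL user=alice src=198.51.100.9
2024-03-01T09:01:30 FAIL user=alice src=198.51.100.9
2024-03-01T09:02:00 FAIL user=alice src=198.51.100.9
2024-03-01T09:02:30 FAIL user=alice src=198.51.100.9
"""


def parse_line(line):
    """Split one log line into (timestamp, account, source ip)."""
    ts, _, user_field, src_field = line.split()
    return datetime.fromisoformat(ts), user_field.split("=", 1)[1], src_field.split("=", 1)[1]


def detect_spray(log_text, window=timedelta(minutes=10), min_accounts=5, lockout=5):
    """Return {src: sorted accounts} for sources that fail against at least
    min_accounts distinct accounts inside `window`, with every account hit
    fewer than `lockout` times (i.e. each stays under the lockout threshold).
    A single account hit many times is classic brute force, not spraying,
    and is left to the lockout policy."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    by_src = defaultdict(list)
    for ts, user, src in events:
        by_src[src].append((ts, user))
    alerts = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            counts = defaultdict(int)
            for _, user in evs[start:end + 1]:
                counts[user] += 1
            if len(counts) >= min_accounts and max(counts.values()) < lockout:
                alerts[src] = sorted(counts)
    return alerts
```

In the sample, 203.0.113.7 is flagged (six accounts, one attempt each) while 198.51.100.9, which hammers a single account, is not.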

If you are in charge of user management in a company with Windows Active Directory, it is advisable to apply a password blacklist. There are tools that check users' passwords against a list of vulnerable passwords compiled from previous data leaks. In this way, you can quantify how many accounts are using weak passwords.

SpecOps Password Auditor: a powerful and easy-to-use tool

It is free of charge and read-only: with a few clicks you have access to a dashboard that gives you the overview you need of the accounts and their passwords. The information it collects becomes interactive reports that, in addition to listing accounts and passwords, specify which password policy applies to them, if any. These are the types of reports you can obtain with this freely licensed software:

  • Inactive Administrator Accounts
  • Accounts with expired passwords
  • Accounts with passwords about to expire
  • Accounts with identical passwords
  • Accounts that do not need passwords
  • Accounts that need a minimum length of characters for their passwords

How to avoid being a victim of Password Spraying

As end users, we need security-awareness education and must put into practice every day the advice for creating secure passwords, which is essential to avoid problems with our accounts. If your office or anywhere else offers opportunities to learn about the security and privacy of your data and how to protect it, take advantage of them. Whenever an application you use offers multi-factor authentication, enable it. Another important tip is never to use the same password in more than one place: if it is discovered, your other accounts are also in danger.

It can be concluded without fear of error that the main risk to the security of our personal data is ourselves. Taking a couple of minutes at most to think of a really secure password, and of the measures to protect or recover it, makes a difference. Password Spraying is one of many attacks we could fall victim to.