Another rapidly growing attack technique against online accounts is password spraying. Password spraying targets a large number of accounts/usernames and tries a single highly common or simple password against each of them in turn.
How Does It Work?
- The attacker collects a list of usernames.
- A single simple password, such as P@ssword123 or Qwerty123, is tried against the whole list of usernames (one password to many accounts).
- The process is repeated with a different password, with a "break time" in between rounds so that each account stays below the account lockout threshold.
What Does It Target?
- Organizational domain accounts
- Single Sign-On (SSO) applications
- Cloud-based applications
- Email applications
How Can You Protect Against It?
- Disable IMAP and other legacy authentication protocols if your organization uses Office 365
- Use strong, unique, lengthy and complex passwords
- Adopt multi-factor authentication
- Change passwords regularly, and do not "recycle" previously used passwords or reuse similar passwords across different accounts
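As an added example that is not part of the original article, the following detection heuristic looks for the "wide but shallow" sign-in pattern described above: many distinct accounts failing from one source while no single account reaches the lockout threshold. The log format, the sample log lines, the lockout threshold, the alert bar and the time window are all constructed or assumed values to be tuned to your own environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (not from any real system): timestamp, user, source IP, outcome.
SAMPLE_LOG = """\
2024-05-01T09:00:01 alice 203.0.113.5 FAIL
2024-05-01T09:00:03 bob 203.0.113.5 FAIL
2024-05-01T09:00:05 carol 203.0.113.5 FAIL
2024-05-01T09:00:07 dave 203.0.113.5 FAIL
2024-05-01T09:00:09 erin 203.0.113.5 FAIL
2024-05-01T09:00:11 frank 203.0.113.5 SUCCESS
2024-05-01T09:05:00 alice 198.51.100.7 FAIL
2024-05-01T09:05:02 alice 198.51.100.7 FAIL
2024-05-01T09:05:04 alice 198.51.100.7 SUCCESS
"""

LOCKOUT_THRESHOLD = 5   # assumed per-account lockout policy: failures that trigger a lock
MIN_DISTINCT_USERS = 5  # assumed alert bar: one source failing against this many accounts
WINDOW = timedelta(minutes=30)  # assumed observation window

def parse_line(line):
    ts, user, src, outcome = line.split()
    return datetime.fromisoformat(ts), user, src, outcome

def detect_spray(log_text, lockout=LOCKOUT_THRESHOLD, min_users=MIN_DISTINCT_USERS, window=WINDOW):
    """Return {source: sorted targeted users} for sources whose failures are wide but shallow:
    many distinct accounts, none of them reaching the lockout threshold within the window."""
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        ts, user, src, outcome = parse_line(line)
        if outcome == "FAIL":
            per_src[src].append((ts, user))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # slide the window forward
                start += 1
            fails_per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                fails_per_user[user] += 1
            # Spray signature: many users touched, but each stays under the lockout bar.
            if len(fails_per_user) >= min_users and max(fails_per_user.values()) < lockout:
                alerts[src] = sorted(fails_per_user)
    return alerts

def compromised_after_spray(log_text, alerts):
    """Accounts that signed in successfully from a flagged source: reset these first."""
    return [u for _, u, s, o in map(parse_line, log_text.splitlines()) if o == "SUCCESS" and s in alerts]
```

A classic per-account failure counter never fires on this log, because each targeted account fails only once; grouping by source and counting distinct accounts is what exposes the spray.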