Skip to Main

Password Spraying

 

close up of a key on a keyboard that contains a lock and reads password secuirty

Password spraying involves an attacker placing a list of potential usernames in a program and trying a common or default password against the list of usernames. One password is sprayed against multiple usernames to try to gain access. This approach is less likely to trigger an account lockout than trying multiple passwords against one account. The threat actor can target thousands of different users at once. The process is often automated and can take place over time to avoid detection. Poor password hygiene by one user may allow an organization to be compromised.

Password Tips and Basics

  • Change default passwords
  • Keep it unique to UTSW
  • The longer the better
  • Build a passphrase
  • If compromised, change immediately
  • No sharing
  • Use multi-factor authentication when available
View More Updates

Questions about information security?

Office of Information Security
214-648-7600

informationsecurity@UTSouthwestern.edu

Back-to top