GLOSSARY / Password Spraying

What is Password Spraying?

Trying one common password against many accounts to avoid lockouts.

By “spraying” a single weak password (like Spring2026!) across many usernames, attackers stay under per-account lockout thresholds while still finding weak accounts.

It targets the weakest link in large user bases.

How to defend

MFA, ban common/seasonal passwords, and alert on many failed logins across accounts.

Related free tools

Password Strength → HIBP Check →

Related terms

Brute-Force Attack Credential Stuffing

Part of the Ciphers Security glossary. Free reference for analysts, defenders & learners.