Password Spraying Attacks: What They Are and How to Stop Them

Password Spraying Attacks

Password spraying tries one common password against many accounts to avoid lockouts. It is devastatingly effective against organisations with weak password policies.

This guide covers the key concepts, practical steps, and common mistakes to avoid when addressing this aspect of password security.

Best practices

• Use a dedicated password manager for all credentials
• Enable multi-factor authentication wherever supported
• Use unique passwords for every account
• Regularly audit accounts for breached credentials
• Generate passwords with a cryptographically random generator like PassGeni

How PassGeni helps

PassGeni addresses this challenge directly through its AI-seeded generation engine. Passwords are created client-side using JavaScript's crypto.getRandomValues() API — no data ever leaves your browser.

The Password DNA Score provides a 7-point quality audit so you know exactly how strong each generated password is before you use it.