What is password spraying?

Password spraying is an attack where someone tries one or a few common passwords against many accounts, rather than trying many passwords against one account.

Simple example

An attacker tries a common seasonal password against every visible company email address.

Why it matters

Because each account sees only one or two attempts, the activity can stay below per-account lockout thresholds, and the technique is often used against business email, VPN, and cloud sign-in services.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Use MFA on exposed login services.
  • Block common and weak passwords.
  • Monitor failed sign-ins across many accounts.
  • Limit public exposure of staff email addresses where practical.
  • Use conditional access or location-based controls where appropriate.

Reactive steps

  • Review sign-in logs for patterns across multiple accounts.
  • Reset passwords for affected users if needed.
  • Check whether any account had a successful suspicious login.
  • Increase monitoring and alerting on login attempts.
  • Consider blocking source IPs or adding stricter access controls.
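The monitoring in the proactive steps and the log review in the reactive steps both come down to the same question, shown here as an added example (not code from the original page): a small Python detector over constructed sign-in records that flags one source trying a few passwords across many accounts, while a single-account brute-force run is left to ordinary per-account lockouts. The log field layout, thresholds and sample addresses are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system): timestamp, user, source IP, result.
SAMPLE_LOG = """\
2024-03-04T09:00:01Z alice@example.com 203.0.113.7 FAIL
2024-03-04T09:00:03Z bob@example.com 203.0.113.7 FAIL
2024-03-04T09:00:05Z carol@example.com 203.0.113.7 FAIL
2024-03-04T09:00:07Z dave@example.com 203.0.113.7 FAIL
2024-03-04T09:00:09Z erin@example.com 203.0.113.7 FAIL
2024-03-04T09:00:11Z frank@example.com 203.0.113.7 SUCCESS
2024-03-04T09:10:00Z alice@example.com 198.51.100.2 FAIL
2024-03-04T09:10:02Z alice@example.com 198.51.100.2 FAIL
2024-03-04T09:10:04Z alice@example.com 198.51.100.2 FAIL
2024-03-04T09:10:06Z alice@example.com 198.51.100.2 FAIL
2024-03-04T09:10:08Z alice@example.com 198.51.100.2 FAIL
2024-03-04T09:12:00Z bob@example.com 192.0.2.10 FAIL
"""

def parse(log_text):
    """Yield (timestamp, user, source_ip, result) from the constructed log format."""
    for line in log_text.splitlines():
        if line.strip():
            ts, user, ip, result = line.split()
            yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user.lower(), ip, result

def detect_spray(log_text, window=timedelta(minutes=30), min_users=5, max_per_user=3):
    """One finding per source IP whose failures within `window` hit at least `min_users`
    distinct accounts while no single account fails more than `max_per_user` times.
    That "low and wide" shape is spraying: every account stays under a lockout threshold,
    so a per-account counter never fires. Many failures on one user are not flagged here."""
    by_ip = defaultdict(list)
    for ev in sorted(parse(log_text)):
        by_ip[ev[2]].append(ev)
    findings = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        for i, (t0, _, _, _) in enumerate(fails):
            # Sliding window anchored at each failure, so a slow spray is still caught.
            per_user = Counter(e[1] for e in fails[i:] if e[0] - t0 <= window)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                # Accounts this source later signed into are the first to review.
                succeeded = sorted({e[1] for e in evs if e[3] == "SUCCESS" and e[0] >= t0})
                findings.append({"source_ip": ip, "accounts_targeted": len(per_user),
                                 "first_seen": t0.isoformat(), "successful_logins": succeeded})
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

On the sample data only 203.0.113.7 is reported (five accounts, one failure each, then a successful login as frank), while the five failures against alice from 198.51.100.2 are ordinary brute force and stay with the per-account lockout.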

Related terms

  • Brute-force attack
  • Credential stuffing
  • Multi-factor authentication