{"id":34592,"date":"2020-04-23T16:00:22","date_gmt":"2020-04-23T16:00:22","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=90947"},"modified":"2020-04-23T16:00:22","modified_gmt":"2020-04-23T16:00:22","slug":"protecting-your-organization-against-password-spray-attacks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/","title":{"rendered":"Protecting your organization against password spray attacks"},"content":{"rendered":"<p>When hackers plan an attack, they often engage in a numbers game. They can invest significant time pursing a single, high-value target\u2014someone in the C-suite for example and do \u201cspear phishing.\u201d Or if they just need low-level access to gain a foothold in an organization or do reconnaissance, they target a huge volume of people and spend less time on each one which is called \u201cpassword spray.\u201d Last December Seema Kathuria and I described an example of the first approach in <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/\" target=\"_blank\" rel=\"noopener noreferrer\">Spear phishing campaigns\u2014they\u2019re sharper than you think!<\/a> Today, I want to talk about a high-volume tactic: password spray.<\/p>\n<p>In a password spray attack, adversaries \u201cspray\u201d passwords at a large volume of usernames. When I talk to security professionals in the field, I often compare password spray to a brute force attack. Brute force is targeted. The hacker goes after specific users and cycles through as many passwords as possible using either a full dictionary or one that\u2019s edited to common passwords. An even more targeted password guessing attack is when the hacker selects a person and conducts research to see if they can guess the user\u2019s password\u2014discovering family names through social media posts, for example. And then trying those variants against an account to gain access. Password spray is the opposite. Adversaries acquire a list of accounts and attempt to sign into all of them using a small subset of the most popular, or most likely, passwords. Until they get a hit. This blog describes the steps adversaries use to conduct these attacks and how you can reduce the risk to your organization.<\/p>\n<h3>Three steps to a successful password spray attack<\/h3>\n<p><strong>Step 1: Acquire a list of usernames<\/strong><\/p>\n<p>It starts with a list of accounts. This is easier than it sounds. Most organizations have a formal convention for emails, such as <strong>firstname.lastname@company.com<\/strong>. This allows adversaries to construct usernames from a list of employees. If the bad actor has already compromised an account, they may try to enumerate usernames against the domain controller. Or, they find or buy usernames online. Data can be compiled from past security breaches, online profiles, etc. The adversary might even get some verified profiles for free!<\/p>\n<p><strong>Step 2: Spray passwords<\/strong><\/p>\n<p>Finding a list of common passwords is even easier. A Bing search reveals that publications list the most common passwords each year. <strong>123456<\/strong>, <strong>password<\/strong>, and <strong>qwerty<\/strong> are typically near the top. <a href=\"https:\/\/en.wikipedia.org\/wiki\/Wikipedia:10,000_most_common_passwords\" target=\"_blank\" rel=\"noopener noreferrer\">Wikipedia lists the top 10,000<\/a> passwords. There are regional differences that may be harder to discovery, but many people use a favorite sports teams, their state, or company as a password. For example, Seahawks is a popular password choice in the Seattle area. Once hackers do their research, they carefully select a password and try it against the entire list of accounts as shown in Figure 1. If the attack is not successful, they wait 30 minutes to avoid triggering a timeout, and then try the next password.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-90948\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/04\/Protecting-your-organization-against-password-spray-attacks-EMBED.png\" alt=\"Protecting your organization against password spray attacks\" width=\"474\" height=\"327\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/04\/Protecting-your-organization-against-password-spray-attacks-EMBED.png 474w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/04\/Protecting-your-organization-against-password-spray-attacks-EMBED-300x207.png 300w\" sizes=\"auto, (max-width: 474px) 100vw, 474px\"><\/p>\n<p><em>Figure 1:&nbsp; Password spray using one password across multiple accounts.<\/em><\/p>\n<p><strong>Step 3: Gain access<\/strong><\/p>\n<p>Eventually one of the passwords works against one of the accounts. And that\u2019s what makes password spray a popular tactic\u2014attackers only need one successful password + username combination. Once they have it, they can access whatever the user has access to, such as cloud resources on OneDrive. Or use the exploited account to do internal reconnaissance on the target network and get deeper into the systems via elevation of privilege.<\/p>\n<p>Even if the vast majority of your employees don\u2019t use popular passwords, there is a risk that hackers will find the ones that do. The trick is to reduce the number of guessable passwords used at your organization.<\/p>\n<h3>Configure Azure Active Directory (Azure AD) Password Protection<\/h3>\n<p><a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/azure-ad-password-protection-is-now-generally-available\/ba-p\/377487\" target=\"_blank\" rel=\"noopener noreferrer\">Azure AD Password Protection<\/a> allows you to eliminate easily guessed passwords and customize lockout settings for your environment.&nbsp;This capability includes a globally banned password list that Microsoft maintains and updates. You can also block a custom list of passwords that are relevant to your region or company. Once enabled, users won\u2019t be able to choose a password on either of these lists, making it significantly less likely that an adversary can guess a user\u2019s password. You can also use this feature to define how many sign-in attempts will trigger a lockout and how long the lockout will last.<\/p>\n<h3>Simulate attacks with Office 365 Advanced Threat Protection (Office 365 ATP)<\/h3>\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/attack-simulator?view=o365-worldwide\" target=\"_blank\" rel=\"noopener noreferrer\">Attack Simulator in Office 365 ATP<\/a> lets you run realistic, but simulated phishing and password attack campaigns in your organization. Pick a password and then run the campaign against as many users as you want. The results will let you know how many people are using that password. Use the data to train users and build your custom list of banned passwords.<\/p>\n<h3>Begin your passwordless journey<\/h3>\n<p>The best way to reduce your risk of password spray is to <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/12\/11\/go-passwordless-strengthen-security-reduce-costs\/\" target=\"_blank\" rel=\"noopener noreferrer\">eliminate passwords entirely<\/a>. Solutions like <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/identity-protection\/hello-for-business\/hello-identity-verification\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Hello<\/a> or <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/authentication\/concept-authentication-passwordless\" target=\"_blank\" rel=\"noopener noreferrer\">FIDO2 security keys<\/a> let users sign in using biometrics and\/or a physical key or device. Get started by enabling <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/identity\/mfa\" target=\"_blank\" rel=\"noopener noreferrer\">Multi-Factor Authentication (MFA)<\/a> across all your accounts. MFA requires that users sign in with at least two authentication factors: something they know (like a password or PIN), something they are (such as biometrics), and\/or something they have (such as a trusted device).<\/p>\n<h3>Learn more<\/h3>\n<p>We make progress in cybersecurity by increasing how much it costs the adversary to conduct the attack. If we make guessing passwords too hard, hackers will reduce their reliance on password spray.<\/p>\n<p>Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity. For more information about our security solutions <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener noreferrer\">visit our website<\/a>. Or reach out to me on&nbsp;<a href=\"https:\/\/www.linkedin.com\/in\/dianakelleysecuritycurve\/\" target=\"_blank\" rel=\"noopener noreferrer\">LinkedIn<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/twitter.com\/dianakelley14\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>.<\/p>\n<p>READ MORE <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/04\/23\/protecting-organization-password-spray-attacks\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If your users sign in with guessable passwords, you may be at risk of a password spray attack.<br \/>\nThe post Protecting your organization against password spray attacks appeared first on Microsoft Security. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":34593,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[6577,6579,8412,8413,347,101,3191,6696,6664,29,1061,188,6681],"class_list":["post-34592","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure","tag-ciso-series","tag-ciso-series-page","tag-compliance-and-security","tag-compliance-and-security-series","tag-cybersecurity","tag-data-privacy","tag-email-security","tag-identity-and-access-management","tag-microsoft-authenticator","tag-mobile-security","tag-network-security","tag-phishing","tag-security-strategies"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Protecting your organization against password spray attacks 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Protecting your organization against password spray attacks 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-23T16:00:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/protecting-your-organization-against-password-spray-attacks.png\" \/>\n\t<meta property=\"og:image:width\" content=\"474\" \/>\n\t<meta property=\"og:image:height\" content=\"327\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/protecting-your-organization-against-password-spray-attacks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/protecting-your-organization-against-password-spray-attacks\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Protecting your organization against password spray attacks\",\"datePublished\":\"2020-04-23T16:00:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/protecting-your-organization-against-password-spray-attacks\\\/\"},\"wordCount\":974,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/protecting-your-organization-against-password-spray-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/protecting-your-organization-against-password-spray-attacks.png\",\"keywords\":[\"CISO series\",\"Ciso series page\",\"Compliance and security\",\"Compliance and security series\",\"Cybersecurity\",\"Data Privacy\",\"email security\",\"Identity and access management\",\"Microsoft Authenticator\",\"Mobile Security\",\"Network Security\",\"Phishing\",\"Security strategies\"],\"articleSection\":[\"Microsoft Secure\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/protecting-your-organization-against-password-spray-attacks\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/protecting-your-organization-against-password-spray-attacks\\\/\",\"name\":\"Protecting your organization against password spray attacks 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/protecting-your-organization-against-password-spray-attacks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/protecting-your-organization-against-password-spray-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/protecting-your-organization-against-password-spray-attacks.png\",\"datePublished\":\"2020-04-23T16:00:22+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/protecting-your-organization-against-password-spray-attacks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/protecting-your-organization-against-password-spray-attacks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/protecting-your-organization-against-password-spray-attacks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/protecting-your-organization-against-password-spray-attacks.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/protecting-your-organization-against-password-spray-attacks.png\",\"width\":474,\"height\":327},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/protecting-your-organization-against-password-spray-attacks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CISO series\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/ciso-series\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Protecting your organization against password spray attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Protecting your organization against password spray attacks 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/","og_locale":"en_US","og_type":"article","og_title":"Protecting your organization against password spray attacks 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-04-23T16:00:22+00:00","og_image":[{"width":474,"height":327,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/protecting-your-organization-against-password-spray-attacks.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Protecting your organization against password spray attacks","datePublished":"2020-04-23T16:00:22+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/"},"wordCount":974,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/protecting-your-organization-against-password-spray-attacks.png","keywords":["CISO series","Ciso series page","Compliance and security","Compliance and security series","Cybersecurity","Data Privacy","email security","Identity and access management","Microsoft Authenticator","Mobile Security","Network Security","Phishing","Security strategies"],"articleSection":["Microsoft Secure"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/","url":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/","name":"Protecting your organization against password spray attacks 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/protecting-your-organization-against-password-spray-attacks.png","datePublished":"2020-04-23T16:00:22+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/protecting-your-organization-against-password-spray-attacks.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/protecting-your-organization-against-password-spray-attacks.png","width":474,"height":327},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/protecting-your-organization-against-password-spray-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"CISO series","item":"https:\/\/www.threatshub.org\/blog\/tag\/ciso-series\/"},{"@type":"ListItem","position":3,"name":"Protecting your organization against password spray attacks"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=34592"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34592\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/34593"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=34592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=34592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=34592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}