Password Spraying

What is it?

Password spraying happens when an attacker loads a list of usernames into a program and tries (sprays) various passwords against every username on the list. The attacker hopes that at least one username and password combination will work. Attackers typically use common passwords against the usernames, as those are the most likely to work.

Why is it dangerous?

An attacker needs just one of those passwords to match a username to be able to log in and compromise a system, network, organization, etc.

How do you combat these attacks?

  • Use passwords that are unique to you –
    • include a mix of symbols, numbers, lower and upper-case letters
    • avoid words you find in the dictionary
    • consider using a phrase or sentence, then take the first letter of each word and add symbols and numbers that make sense for you to remember
  • Do NOT reuse passwords – Why? Because if one of your personal accounts is compromised, attackers will try the discovered password to gain access to your other accounts.

    Want to check if any of your accounts have been a part of a known data breach?
    Copy and paste this link into your browser's address bar to find out!

If your account was associated with a breach:

  1. Make sure you’ve changed your password since the date the breach occurred
  2. Don’t reuse the old compromised account password ever again

  • Don’t use passwords (or similar passwords) found on dump lists. If your password is similar to one on the list -- Ex. it has 2018, 2019, or 2020 in it -- please change it immediately.

Password Dump List

Winter2016 Winter2017 Winter16 Winter17 Winter12 Spring2016 Spring2017 Spring16 Spring17
Spring12 Summer2016 Summer2017 Summer16 Summer17 Fall2016 Fall2017 Summer16 Summer17
Fall2016 Fall2017 Fall1234 Autumn2016 Autumn2017 Autumn16 Autumn17 Autumn12 Password1
Password2 Password3 Password4 Password5 Password6 Password7 Password8 Password9 Password01
Password12 Password123 Pa$$w0rd Password2016 Password2017 Password16 Password17 January1 January2016
January2017 January16 January17 February1 February2016 February2017 February16 February17 March123
March2016 March2017 April123 April2016 April2017 May12345 June1234 June2016 June2017
July1234 July2016 July2017 August12 August2016 August2017 August16 August17 September1
September2016 September2017 September16 September17 October1 October2016 October2017 October16 October17
November1 November2016 November2017 November16 November17 December1 December2016 December2017 December16
December17 Master12 Master2016 Master2017 Master16 Master17 Dragon12 Dragon2016 Dragon2017
Dragon16 Dragon17 Monkey12 Monkey2016 Monkey2017 Monkey16 Monkey17 Shadow12 Shadow2016
Shadow2017 Shadow16 Shadow17 Qwerty12 Qwerty2016 Qwerty2017 Qwerty16 Qwerty17 God12345
Iloveyou1 Iloveyou2016 Iloveyou2017 Iloveyou16 Iloveyou17 Thankyou1 Thankyou2016 Thankyou2017 Thankyou16
Thankyou17 Welcome1 Welcome2016 Welcome2017 Welcome16 Welcome17 Baseball1 Baseball2016 Baseball2017
Baseball16 Baseball17 Football1 Football2016 Football2017 Football16 Football17 Letmein1 Letmein2016
Letmein20162017 Letmein16 Letmein17 Abc1234 Mustang1 Mustang2016 Mustang2017 Mustang16 Mustang17
Access12 Access2016 Access2017 Access16 Access17 Superman1 Superman2016 Superman2017 Superman16
Superman17 Batman1 Batman2016 Batman2017 Batman16 Batman17 Qwertyuiop1 Qwertyuiop2016 Qwertyuiop2017
Qwertyuiop16 Qwertyuiop17 123Qweasd Jesus123 Jesus2016 Jesus2017 Ninja123 Ninja2016 Ninja2017
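
A check for the pattern the list above follows (a common word, season or month, followed by a year or a few digits), as an added example that is not part of the original page. The word set is read off the list; the substitution table, the function name `spray_pattern` and the sample passwords are assumptions of the example.

```python
import re

# Base words read off the dump list on this page (seasons, months, common words).
BASE_WORDS = frozenset("""
winter spring summer fall autumn january february march april may june july
august september october november december password master dragon monkey shadow
qwerty qwertyuiop god iloveyou thankyou welcome baseball football letmein abc
mustang access superman batman jesus ninja
""".split())

# Character swaps that leave a base word just as guessable (cf. "Pa$$w0rd").
# Assumption of this example: the table is illustrative, not from the page.
SUBSTITUTIONS = str.maketrans({"$": "s", "@": "a", "0": "o", "3": "e", "5": "s"})

# Split into a stem ending on its last letter and a trailing run of
# digits/symbols, e.g. "winter2020!" -> ("winter", "2020!").
_SPLIT = re.compile(r"(.*?)([^a-z]*)", re.DOTALL)
_YEAR = re.compile(r"(?:19|20)\d{2}")


def spray_pattern(password):
    """Return why `password` resembles the dump list, or None if it does not."""
    stem, suffix = _SPLIT.fullmatch(password.lower()).groups()
    word = stem.translate(SUBSTITUTIONS)
    if word not in BASE_WORDS:
        return None
    if _YEAR.search(suffix):
        return f"common word '{word}' followed by a year"
    if suffix:
        return f"common word '{word}' followed by digits or symbols"
    return f"common word '{word}' on its own"


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real breach.
    for candidate in ["Winter2020", "Pa$$w0rd", "Summer16!",
                      "correct horse battery staple"]:
        reason = spray_pattern(candidate)
        print(f"{candidate!r}: {'REJECT, ' + reason if reason else 'no match'}")
```

A check like this belongs at password-change time, next to a lookup against known breached passwords, since it only catches the word-plus-suffix shape and nothing else.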