Password Spray Attacks

Published: Posted on

The NCSC recently issued an advisory on password spray attacks.   The attacks are aimed at   health care organisations involved in the coronavirus response, including research.  The University is a potential target.

In password spray attacks, attackers use a few easy to guess passwords and try them against multiple accounts.  Attacking in this way does not lock out accounts and the attacks are difficult to detect.

The best defence against these attacks is to use strong, difficult to guess passwords.  You should make sure these are long (at least 12 characters, but 16 characters or more is much better).  You can easily create a memorable password if you use three unrelated words to form the basis of your password and add numbers and other characters if necessary.  There is some useful advice passwords provided by the NCSC.

Author: Chris Bayliss

IT Security Manager.

Leave a Reply

Your email address will not be published. Required fields are marked *