Password Spraying

What is Password Spraying? - Password spraying is a technique in which a limited set of company-specific passwords, discovered during the recon phase, is tried in login attempts against known usernames. When conducting these types of attacks, advanced cybercriminals will typically scan your infrastructure for external-facing apps and network services such as webmail, SSO and VPN gateways. Usually, these interfaces have strict timeout features. Actors use password spraying rather than brute-force attacks to avoid being timed out and possibly alerting admins.
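As an added example (not part of the original page), here is one way to spot this pattern in authentication logs: a single source failing against many usernames while keeping attempts per account low enough to avoid timeouts. The log format, sample lines and thresholds (`window`, `min_users`, `max_per_user`) are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the page): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-05-01T09:00:05 203.0.113.7 alice FAIL
2024-05-01T09:00:41 203.0.113.7 bob FAIL
2024-05-01T09:01:17 203.0.113.7 carol FAIL
2024-05-01T09:01:52 203.0.113.7 dave FAIL
2024-05-01T09:02:30 203.0.113.7 erin FAIL
2024-05-01T09:03:02 203.0.113.7 frank OK
2024-05-01T09:10:00 198.51.100.9 alice FAIL
2024-05-01T09:10:02 198.51.100.9 alice FAIL
2024-05-01T09:10:04 198.51.100.9 alice FAIL
2024-05-01T09:10:06 198.51.100.9 alice FAIL
2024-05-01T09:15:00 192.0.2.44 bob FAIL
2024-05-01T09:15:20 192.0.2.44 bob OK
"""

def parse(log):
    """Yield (time, source, user, ok) tuples from the whitespace-separated log."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result == "OK"

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Return {source: sorted usernames} for sources whose failed logins cover
    at least min_users accounts in one window with at most max_per_user
    failures per account, i.e. wide and shallow rather than brute force."""
    failures = defaultdict(list)
    for ts, src, user, ok in sorted(events):
        if not ok:
            failures[src].append((ts, user))
    flagged = {}
    for src, fails in failures.items():
        start = 0
        for end, (ts, _) in enumerate(fails):
            while ts - fails[start][0] > window:  # slide the window forward
                start += 1
            per_user = Counter(u for _, u in fails[start:end + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged[src] = sorted(per_user)
    return flagged

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE_LOG)))
```

The repeated failures against a single account from 198.51.100.9 are deliberately not flagged here; that brute-force shape is what per-account timeouts already catch, while the spread across accounts from 203.0.113.7 is what they miss.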

