Home

Azure AD and ADFS best practices: Defending against password spray attacks

%3CLINGO-SUB%20id%3D%22lingo-sub-167941%22%20slang%3D%22en-US%22%3EAzure%20AD%20and%20ADFS%20best%20practices%3A%20Defending%20against%20password%20spray%20attacks%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-167941%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20long%20as%20we%E2%80%99ve%20had%20passwords%2C%20people%20have%20tried%20to%20guess%20them.%20In%20this%20blog%2C%20we%E2%80%99re%20going%20to%20talk%20about%20a%20common%20attack%20which%20has%20become%20MUCH%20more%20frequent%20recently%20and%20some%20best%20practices%20for%20defending%20against%20it.%20This%20attack%20is%20commonly%20called%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3Epassword%20spray.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22%22%3EIn%20a%20password%20spray%20attack%2C%20the%20bad%20guys%20try%20the%20most%20common%20passwords%20across%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CEM%3Emany%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FEM%3Edifferent%20accounts%20and%20services%20to%20gain%20access%20to%20any%20password%20protected%20assets%20they%20can%20find.%20Usually%20these%20span%20many%20different%20organizations%20and%20identity%20providers.%20For%20example%2C%20an%20attacker%20will%20use%20a%20commonly%20available%20toolkit%20like%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.blackhillsinfosec.com%2Fintroducing-mailsniper-a-tool-for-searching-every-users-email-for-sensitive-data%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMailsniper%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eto%20enumerate%20all%20of%20the%20users%20in%20several%20organizations%20and%20then%20try%20%E2%80%9CP%40%24%24w0rd%E2%80%9D%20and%20%E2%80%9CPassword1%E2%80%9D%20against%20all%20of%20those%20accounts.%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22%22%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20780px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F29685i99EF2E991947C637%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22030418_2027_AzureADandA1.jpg%22%20title%3D%22030418_2027_AzureADandA1.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22%22%3E%3CSPAN%3ERead%20about%20it%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Fcloudblogs.microsoft.com%2Fenterprisemobility%2F2018%2F03%2F05%2Fazure-ad-and-adfs-best-practices-defending-against-password-spray-attacks%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EEnterprise%20Mobility%20%2B%20Security%20blog%3C%2FA%3E.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-167941%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Community Manager

As long as we’ve had passwords, people have tried to guess them. In this blog, we’re going to talk about a common attack which has become MUCH more frequent recently and some best practices for defending against it. This attack is commonly called password spray.

 

In a password spray attack, the bad guys try the most common passwords across many different accounts and services to gain access to any password protected assets they can find. Usually these span many different organizations and identity providers. For example, an attacker will use a commonly available toolkit like Mailsniper to enumerate all of the users in several organizations and then try “P@$$w0rd” and “Password1” against all of those accounts. 

 

030418_2027_AzureADandA1.jpg

 

Read about it in the Enterprise Mobility + Security blog.