Prevent Password Spraying Attacks
Password spraying is a tactic used by malicious actors to attempt gain unauthorized access to an account by systematic password guessing against multiple usernames. Several security updates show that this is a commonly used malicious tactic. This therefore requires system administrators to implement appropriate mitigation measures to reduces this happening in IT environments. The Uganda National CERT and Coordination Center recommends the following top tips:
- Set up minimum password length and complexity. The principle is that longer and more complex passwords are harder to crack
- Require users to change default passwords on first login
- Implement periodic user password reset
- Configure an effective account lockout policy based on a defined number of unsuccessful login attempts
- Review and implement the most appropriate Multi-Factor Authentication (MFA) mechanism for your organization
- Avoid use of default credentials
- Beef up monitoring to detect and respond to repeated login failed attempts