Password Concepts

Question 1

Spraying Attack

Answer 1

A password spraying attack is a credential-based cyberattack where adversaries test a single weak password against multiple accounts (often across an organisation) to evade lockout thresholds. Unlike brute-force attacks, spraying targets breadth over depth, exploiting human tendencies to reuse simple passwords. Defences include MFA, password blacklists, and anomalous login monitoring.

Question 2

OTPs

Answer 2

A One-Time Password (OTP) is a dynamically generated, short-lived credential used for authentication, valid for a single login session or transaction, used as a means for password-less authentication.