Password Attacks - 2.4

Spraying

Attacking accounts with a few attempts using the most common passwords typically used by users. The limited number of attempts means it does not gain attention or lock out accounts. If an attack is not successful, the malicious actor moves on to the next account, and so on.

Brute Force

Trying every possible password variation to gain access. This method is very inefficient and highly noticeable, unless the attempts are done offline to avoid detection.