Cybercriminals are always looking for novel ways to gain unauthorized access to online accounts and IT networks. Password “spraying” is a newer scheme you and your IT department need to know about and guard against. Traditional cyberattacks attempt to breach a single account with multiple password attempts. But password spraying schemes use common passwords to try to access as many accounts as possible. Unfortunately, this approach can be very effective. How and why it works Password spraying perpetrators buy lists of usernames or email addresses and either buy or invent lists of common passwords. They then attempt to access multiple accounts using a single password. If that password doesn’t work, the criminals select a new password and keep trying until, eventually, a password opens an account. That...