Password Spray Attack is Easily Preventable

Microsoft: Watch out for password spray attacks — especially you, Basic Auth

https://www.theregister.com/2022/10/04/microsoft_exchange_password_spray/

It may appear that there are two ways to be free of the fear of password spray attacks -

(A) remove the password from identity security; no password can be sprayed where the password does not exist (*1) and

(B) use a unique high-entropy password in view of the absolute necessity of secret credentials for solid identity assurance (*2)

(A) would enable you to enjoy a password-spray-attack-resistant digital life as you enjoy a phishing-resistant digital life — “Enjoy a Phishing-resistant Life as you enjoy a Pickpocket-resistant Life” https://www.linkedin.com/posts/hitoshikokumai_democracy-privacy-ethics-activity-6983213251115331584-viae

(B) could be achieved right away by everyone at no cost although it may not be as convenient as throwing away the password — “Quick-Fix for Preventing Re-Use of Password” https://www.linkedin.com/posts/hitoshikokumai_classroom-app-seesaw-abused-to-send-inappropriate-activity-6977868634312294401-rX-K

Website — https://www.mnemonicidentitysolutions.com/

Digital identity blogs collected at https://www.linkedin.com/pulse/collection-digital-identity-comments-hitoshi-kokumai-posted-kokumai/