A security analyst notices failed login attempts against many different user accounts. Each account sees only two or three attempts, all using common passwords like "Winter2025!" — and the attempts come slowly, over several days. Which attack is MOST likely occurring?
- A. Brute-force attack
- B. Credential stuffing
- C. Password spraying Correct
- D. Rainbow table attack
Why C is correct
Password spraying tries a few common passwords across many accounts, slowly, specifically to stay under account-lockout thresholds. That's exactly the pattern described: many accounts, few attempts each, common passwords, spread over days.
Why the others are incorrect
A brute-force attack hammers one account with many passwords — the opposite volume pattern. Credential stuffing replays real username/password pairs stolen from other breaches, not guessed common passwords. A rainbow table attack is an offline technique against stolen password hashes — it never generates login attempts at all.