Thousands of employees in the US Department of the Interior are using accounts that are easily hacked::The Interior Department is tasked with protecting the country’s natural resources, like gas pipelines. Hundreds of its senior officers even used “password-1234” on their accounts.

  • totallynotfbi@lemm.ee
    link
    fedilink
    English
    arrow-up
    18
    ·
    1 year ago

    Greenblatt also noted that 99.99% of the 18,000 accounts that staff cracked met the Department’s password complexity requirements — including “Password-1234.”

    If a password as rudimentary as “password-1234” satisfies the complexity requirements, I think that some blame should be shared by the IT team in charge of account security…

    • body_by_make@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      My wife works for the govt and says the password rules also require being changed every 90 days for her, which has been proven to cause weak passwords and/or people writing them down because they can’t remember their current one.

      The govt uses pretty antiquated password security guidelines, this article is no surprise.

      • Ilikepornaddict@lemmynsfw.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        This is the most likely cause. My work has this too, but it’s every 30 days, and you can’t use the same password as any of your last 21 passwords. Which means I need 21 unique passwords. So it’s Password1, Pasword2, etc until Password 21, when I then loop back around. Great job security team!

          • TheRealKuni@midwest.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            Not necessarily, it could mean they’re storing the old salted hashes.

            I’m pretty sure this is a setting in Windows group policy, I assume Microsoft does it correctly.

    • Tony Smehrik@programming.dev
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Passwords are the weak link here. Microsoft figured out all you need to keep an account secure is 2FA, to the point they offer password-free account access.

    • Throwaway@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Password-1234 is over 8 characters, has an uppercase character, a lowercase character, a number, and a special character.

      Looks fine to me.

  • N3Cr0@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    They did it all correct: Characters lower case and upper case, numbers and symbols. 🥴