Despite repeated warnings about the importance of password safety, a recent report from the Department of the Interior revealed that many federal employees still use weak passwords. The most common password among employees last year was "Password-1234," which was used by a shocking 478 accounts out of 18,000. Even more concerning, this report revealed that 21% of the department's active employee accounts were vulnerable to being hacked. This included 288 accounts with elevated privileges and 362 accounts belonging to senior-level officials.
Following the May 2021 Colonial Pipeline ransomware attack, where hackers only needed one stolen password to cause a major gas shortage in the eastern United States, the Department of the Interior conducted an investigation. The report emphasizes the need for stronger password practices throughout the federal government, as well as in private homes and business offices nationwide. The inspector general for the Department of the Interior, Mark Lee Greenblatt, highlighted these concerns in an op-ed, urging everyone to take the report's warnings seriously.
Interestingly, the report reveals that even though 99.99% of the cracked accounts met the Department's password complexity requirements, they were still susceptible to being hacked. This suggests that relying solely on the use of special characters and regular password changes may not be sufficient. To address this, the report recommends implementing multi-factor authentication, as well as using longer passphrases consisting of unrelated words that are at least sixteen characters long. Greenblatt emphasized that this advice is applicable to both the workplace and personal use and can significantly enhance security.
While the findings of this report are concerning, they also serve as a reminder of the importance of adopting strong password practices to protect sensitive information and prevent cyber attacks.