A recent report published by the US Department of Interior, following an investigation by the Inspector General, found that 21% of the department's user accounts used passwords that could be easily cracked by outsiders.
The report also criticized the institution for relying on only one form of system and user protection – the password. Although many experts consider the password alone too weak to protect users against modern hackers, the US Department of Interior has yet to pick up the pace and follow cyber security guidelines that mandate stronger two-factor authentication.
Over the course of the inspection, 18,174 of 85,944 active user passwords, or 21 percent, were cracked, including those of 288 accounts with elevated privileges and 362 accounts of senior U.S. Government employees. According to cybernews.com, the Inspector General also said that the password complexity requirements at the DOI were so outdated and ineffective that employees were able to select easy-to-crack passwords, such as “Changeme$12345” and “Polar_bear65”. Some of the users were probably irritated by regular prompts to change their passwords and, out of spite, selected combinations like “ChangeIt123” or “ChangeItN0w!”.
In fact, 4.75 percent of all active user account passwords were based on the word “password.” The most commonly reused password, “Password-1234”, was used on 478 unique active accounts. The report states that the researchers were able to crack the passwords for 16% of the DOI user accounts within the first 90 minutes of testing, and that building a password-cracking rig cost less than $15,000.
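The passwords quoted above all satisfy a typical character-class rule while being built on a guessable base word. The following sketch is an added example, not taken from the report: it shows a screening check that strips the decoration and looks up the base word in a blocklist. The complexity rule, the blocklist contents and the function names are assumptions made for illustration.

```python
import re

# Constructed stand-in for a real dictionary / breached-password blocklist.
BLOCKED_BASE_WORDS = {"password", "changeme", "changeit", "polarbear"}

# Common character substitutions undone before the blocklist lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def meets_complexity(pw, min_len=8):
    """Assumed legacy rule: minimum length plus 3 of 4 character classes."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= min_len and sum(classes) >= 3


def base_word(pw):
    """Reduce a password to the word it was built from."""
    # Drop the digits/symbols users append or prepend to satisfy the rule.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    # Undo substitutions inside the word, then drop remaining separators.
    return re.sub(r"[^a-z]", "", core.translate(LEET))


def screen(pw):
    """Return the complexity verdict, derived base word and final decision."""
    base = base_word(pw)
    hit = next((w for w in sorted(BLOCKED_BASE_WORDS) if w in base), None)
    ok = meets_complexity(pw)
    return {"complex": ok, "base": base, "blocked_by": hit,
            "accept": ok and hit is None}


if __name__ == "__main__":
    # The first five are quoted in the article; the last is constructed.
    for pw in ["Changeme$12345", "Polar_bear65", "ChangeIt123",
               "ChangeItN0w!", "Password-1234", "vD7#qLm2xRz9"]:
        print(pw, screen(pw))
```

Every password from the article passes `meets_complexity` yet is rejected by `screen`, which is the gap a complexity-only policy leaves open.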