A Fifth of Passwords Used by Federal Agency Cracked in Security Audit
upstart writes:
89% of the department's high-value assets didn't use multi-factor authentication:
More than a fifth of the passwords protecting network accounts at the US Department of the Interior - including Password1234, Password1234!, and ChangeItN0w! - were weak enough to be cracked using standard methods, a recently published security audit of the agency found.
[...] The results weren't encouraging. In all, the auditors cracked 18,174 - or 21 percent - of the 85,944 cryptographic hashes they tested; 288 of the affected accounts had elevated privileges, and 362 of them belonged to senior government employees. In the first 90 minutes of testing, auditors cracked the hashes for 16 percent of the department's user accounts.
The audit uncovered another security weakness - the failure to consistently implement multi-factor authentication (MFA). The failure extended to 25 - or 89 percent - of 28 high-value assets (HVAs), which, when breached, have the potential to severely impact agency operations.
Read more of this story at SoylentNews.