this post was submitted on 07 Aug 2023
61 points (96.9% liked)

Thousands of employees in the US Department of the Interior are using accounts that are easily hacked

The Interior Department is tasked with protecting the country's natural resources, like gas pipelines. Hundreds of its senior officers even used "password-1234" on their accounts.

[–] totallynotfbi@lemm.ee 18 points 2 years ago (3 children)

Greenblatt also noted that 99.99% of the 18,000 accounts that staff cracked met the Department's password complexity requirements — including "Password-1234."

If a password as rudimentary as "password-1234" satisfies the complexity requirements, I think that some blame should be shared by the IT team in charge of account security...

[–] Cqrd@lemmy.dbzer0.com 9 points 2 years ago (1 children)

My wife works for the govt and says the password rules also require being changed every 90 days for her, which has been proven to cause weak passwords and/or people writing them down because they can’t remember their current one.

The govt uses pretty antiquated password security guidelines, this article is no surprise.

[–] Ilikepornaddict@lemmynsfw.com 4 points 2 years ago (1 children)

This is the most likely cause. My work has this too, but it's every 30 days, and you can't use the same password as any of your last 21 passwords. Which means I need 21 unique passwords. So it's Password1, Password2, etc. until Password21, when I then loop back around. Great job security team!

[–] TornadoRex@lemmy.world 1 points 2 years ago (2 children)

Which also means your company is storing your old passwords, which is a big security issue.

[–] Ilikepornaddict@lemmynsfw.com 2 points 2 years ago

My company's IT department is terrible. Nothing is done right. And they're a multi-billion dollar company.

[–] TheRealKuni@midwest.social 1 points 2 years ago* (last edited 2 years ago)

Not necessarily, it could mean they’re storing the old salted hashes.

I’m pretty sure this is a setting in Windows group policy, I assume Microsoft does it correctly.
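
An added example (not from the thread, and not any product's actual implementation) of the approach the comment above describes: enforcing password history while storing only salted hashes. The class name, work factor and sample passwords are assumptions; the demo also shows that such a check only catches exact reuse, so an incremented password passes.

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 21        # history length mentioned in the thread
PBKDF2_ROUNDS = 100_000   # assumed work factor, kept modest so the demo runs quickly


def _derive(password: str, salt: bytes) -> bytes:
    """Slow salted hash; only (salt, digest) pairs are ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class PasswordHistory:
    """Hypothetical history store: newest entry last, no plaintext kept."""

    def __init__(self, depth: int = HISTORY_DEPTH):
        self.depth = depth
        self.entries = []  # list of (salt, digest) tuples

    def was_used(self, candidate: str) -> bool:
        # Re-hash the candidate under each stored salt, compare in constant time.
        return any(
            hmac.compare_digest(_derive(candidate, salt), digest)
            for salt, digest in self.entries
        )

    def change(self, new_password: str) -> bool:
        """Accept the change unless it exactly matches a remembered password."""
        if self.was_used(new_password):
            return False
        salt = os.urandom(16)  # fresh random salt per stored entry
        self.entries.append((salt, _derive(new_password, salt)))
        self.entries = self.entries[-self.depth:]  # forget entries beyond depth
        return True


def demo() -> dict:
    # Constructed sample passwords following the pattern described in the thread.
    history = PasswordHistory(depth=3)
    return {
        "first": history.change("Password1"),
        "increment": history.change("Password2"),    # differs by one char: accepted
        "exact_reuse": history.change("Password1"),  # still remembered: rejected
        "after_rotation": [history.change(p) for p in ("Password3", "Password4", "Password1")],
        "stored_plaintext": any(b"Password" in s + d for s, d in history.entries),
    }


if __name__ == "__main__":
    print(demo())
```

Because each entry has its own salt, the stored digests cannot be compared for similarity, which is why "Password2" is accepted right after "Password1".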

[–] Blamemeta@lemm.ee 1 points 2 years ago

Password-1234 is over 8 characters, has an uppercase character, a lowercase character, a number, and a special character.

Looks fine to me.

[–] n3cr0@lemmy.world 6 points 2 years ago

They did it all correct: Characters lower case and upper case, numbers and symbols. 🥴

[–] FlyingSquid@lemmy.world 2 points 2 years ago

That's amazing! That's the same password I have on my luggage!