- A report from the US Department of the Interior showed that 21% of employee accounts could be hacked.
- The report also noted that nearly 500 employees used “Password-1234” to protect their accounts.
- One staff member wrote an op-ed for the Washington Post urging others to learn from the report.
Special characters. Regular changes. Don’t click on suspicious links. Anyone who has sat through a workplace cybersafety training has undoubtedly heard these phrases repeated again and again.
And yet, password safety is still a problem, even among federal employees. A report from the Department of the Interior reveals the most-used password among their employees last year was “Password-1234.”
The report — from Kathleen Sedney, assistant inspector general for audits, inspections, and evaluations — detailed how Sedney’s staff managed to break into 21% of the department’s active employee accounts. Out of those 18,000 accounts, 288 had elevated privileges and 362 belonged to senior-level officials.
And 478 accounts all used the dreaded “Password-1234,” according to the report.
Earlier this week, Mark Lee Greenblatt, inspector general for the Department of the Interior and chair of the Council of the Inspectors General on Integrity and Efficiency, wrote an op-ed in the Washington Post calling on everyone to heed the warnings of the report.
“My sneaking suspicion is that Interior Department employees are no different from most Americans in how they use passwords, so if this problem exists in my department, it could exist across the federal government and in business offices and private homes nationwide,” Greenblatt wrote.
Greenblatt also noted that 99.99% of the 18,000 accounts that staff cracked met the Department’s password complexity requirements — including “Password-1234.”
The Department’s investigation followed the May 2021 Colonial Pipeline ransomware attack, according to the report, which resulted in a major gas shortage in the eastern United States. The hackers needed only one stolen password to launch their attack on the pipeline.
Not all is hopeless, though. The report recommends the use of a multi-factor authentication service, as well as adopting passphrases, which are strings of unrelated words over sixteen characters. Greenblatt writes that this is advice anyone can use, both at work and at home.