Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday August 24 2018, @09:25AM   Printer-friendly
from the what-protects-YOUR-luggage? dept.

Submitted via IRC for AndyTheAbsurd

Somewhere in Western Australia, a government IT employee is probably laughing or crying or pulling their hair out (or maybe all of the above). A security audit of the Western Australian government released by the state’s auditor general this week found that 26 percent of its officials had weak, common passwords -- including more than 5,000 including the word “password" out of 234,000 in 17 government agencies.

The legions of lazy passwords were exactly what you -- or a thrilled hacker -- would expect: 1,464 people went for “Password123” and 813 used “password1." Nearly 200 individuals used “password” -- maybe they never changed it to begin with?

Almost 13,000 used variations of the date and season, and almost 7,000 included versions of “123.”

[...] The traditional guidelines for strong passwords -- make them long and complicated, use symbols and a mix of upper and lowercase letters, change them regularly -- were making it easier for hackers, Paul Grassi of the National Institute of Standards and Technology told NPR last June. The organization’s current guidelines for good passwords are that they should be simple, long and easy to remember. It suggests using normal English words and phrases that are easy for users but tougher on hackers.

If you want to keep your accounts secure, pick something that’s lengthy and memorable, and if you change it, switch more than a single letter or digit. And for heaven’s sake, don’t use the word “password.”

Source: https://www.washingtonpost.com/technology/2018/08/22/western-australian-government-officials-used-password-their-password-cool-cool/?noredirect=on


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by crafoo on Friday August 24 2018, @11:28AM

    by crafoo (6639) on Friday August 24 2018, @11:28AM (#725744)

    The reality is that we need something better than passwords for identification/authorization. People cannot be expected to remember the vast number of passwords required, even just counting the systems at a single place of employment. I counted about 6 for work (they've worked hard to consolidate) - that are changed monthly, have uppercase/lowercase/special character requirements, and that cannot reuse a previous password (ever). Sorry, odds are even just at 6 I am going to forget one of those due to the password requirements. I write them down and stick them in the desk. Sue me.

    The facts are clear. People are forced to write them down and/or use very simple, easy to remember passwords. A system that requires humans but does not account for the limitations of humans to be secure is going to fail. If we are lucky, we will look back on 1994-20XX as this weird in-between time when we still relied on passwords for authentication.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2