A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes – By Zack Whittaker (TechCrunch) / Jan 10, 2023
Step one: build a password-cracking rig
A government watchdog has published a scathing rebuke of the Department of the Interior’s cybersecurity posture, finding it was able to crack thousands of employee user accounts because the department’s security policies allow easily guessable passwords like ‘Password1234’.
The report by the Office of the Inspector General for the Department of the Interior, tasked with oversight of the U.S. executive agency that manages the country’s federal land, national parks and a budget of billions of dollars, said that the department’s reliance on passwords as the sole way of protecting some of its most important systems and employees’ user accounts has bucked nearly two decades of the government’s own cybersecurity guidance mandating stronger two-factor authentication.
It concludes that poor password policies put the department at risk of a breach that could lead to a “high probability” of massive disruption to its operations.
CONTINUE > https://techcrunch.com/2023/01/10/interior-department-watchdog-passwords/