US Government Also Uses 'Password' for Password
Report slams lazy cybersecurity measures in place at federal agencies
By John Johnson, Newser Staff
Posted Feb 4, 2014 1:32 PM CST

(Newser) – Yes, ordinary and lazy humans often use "password" as a computer password, but a new report complains that the same thing applies to sensitive government agencies, reports Mashable. The Senate cybersecurity report finds that agencies ranging from Homeland Security to the IRS use weak security measures that leave their data vulnerable to hackers. The report makes note of the use of "password," but it cites other head-scratchers common within the federal system such as expired virus protection and security patches in need of updates.

“As a taxpayer, I’m outraged,” the director of cybereducation group the SANS Institute tells the Washington Post. “We’re spending all this money and getting so little impact for it.” Sen. Tom Coburn of Oklahoma is particularly peeved at Homeland Security, which is charged with making sure other agencies are secure. “None of the other agencies want to listen to Homeland Security when they aren’t taking care of their own systems,” he says. A Columbia professor thinks the government needs to boost the salary of IT workers to retain top-notch employees. Until then, we're likely to get more fake zombie alerts, and worse, from hackers.

More From Newser
My Take on This Story
To report an error on this story,
notify our editors.
US Government Also Uses 'Password' for Password is...
Show results without voting
You Might Like
Showing 3 of 13 comments
Jan 25, 2015 9:26 AM CST
It isn't hard to come up with a really good password for every site you visit. The hard part is keeping track of them. That's why most people just go with something they can remember and figure the odds are on their side. Not me!
Jan 23, 2015 8:45 PM CST
When I worked for the USGS about 7 years ago, someone in the IT Dept. got hold of a password cracker program -- quite a few employees got chewed out for using easy passwords. Our computer systems were monitored 24/7 by a person on the Federal Center -- if there was an intrusion or attempted intrusion, that PC was taken off-line immediately. I remember we had one Linux box, and one night someone hacked it and was trying to store pictures on it. We came in in the morning and that had been taken off line (so much for security on Linux).
Nov 15, 2014 11:55 AM CST
I worked at a NASA controlled facility dealing with non-classified information and our passwords were required to be at least 8 characters in length and include capital letters, small letters and numbers. They had to be changed every 30 days and duplicates were not allowed. These requirements were mandatory and could not be evaded by the user. I can't speak for other organizations, but at least NASA had their act together. The more secure computers there didn't use passwords at all but the user had a card similar to a charge card that was inserted into a reader to provide secure communications. I think even a super-hacker would have had a challenge there!