image credit: Adobe Stock

A fifth of passwords used by federal agency cracked in security audit

January 11, 2023


More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found.

The audit was performed by the department’s inspector general, which obtained cryptographic hashes for 85,944 employee active directory (AD) accounts. Auditors then used a list of more than 1.5 billion words that included:

Read More on ArsTechnica