This poor practice is just unacceptable, an auditor general says
Remembering multiple passwords may be difficult but using something as predictable and obvious as ‘Password123’ could leave your account open to hackers, security experts have warned.
Nearly 1,500 government officials in Western Australia, however, used that exact alphanumeric combination as their security code, an audit of 17 agencies revealed.
Western Australia’s auditor general reported almost a third of officials used weak passwords, including the term ‘password’ in 5,000 instances out of the 234,000 accounts tested.
“After repeatedly raising password risks with agencies, it is unacceptable that people are still using password123 and abcd1234 to access critical agency systems and information,” Auditor General Caroline Spencer was quoted in Western Australia Today.
The audit also showed most government employees were not given sufficient guidance in the creation and storage of their passwords. Some security codes, for instance, were kept in easily accessible document or spreadsheets.
The Office of Digital Government has promised to beef up security across all government agencies by educating employees of best practices to safeguard their account.
In the US, government agencies such as the Internal Revenue Service, Nuclear Regulatory Commission, and Department of Homeland Security have also fallen victim to data breaches. In these instances, cybersecurity analysts reported similar practices of using weak passwords and storing access codes in unsecure locations.
More than 80% of hacking incidents occur because of stolen or weak passwords, Verizon’s study on data breaches showed.
