A fifth of passwords used by federal agency cracked in security audit


More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found.

The audit was performed by the department’s Inspector General, which obtained cryptographic hashes for 85,944 employee Active Directory (AD) accounts. Auditors then used a list of more than 1.5 billion words that included:

- Dictionaries from multiple languages
- US government terminology
- Pop culture references
- Publicly available password lists harvested from past data breaches across both public and private sectors
- Common

→ Continue reading at Ars Technica
