all InfoSec news
Passwords Are Terrible (Surprising No One)
Schneier on Security www.schneier.com
This is the result of a security audit:
More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found.
[…]
The results weren’t encouraging. In all, the auditors cracked 18,174—or 21 percent—of the 85,944 cryptographic hashes they tested; 288 of the affected accounts had elevated privileges, and 362 of them belonged to senior …
accounts agency audit cracked cracking department hashes national security policy network passwords privileges protecting result results security security audit standard us department of the interior