Report: Insecure passwords rampant among .gov emails


A cybercrime analytics company stated that .gov email addresses with unsafe passwords increase cyber crime. — Photo by Brett Jordan on Unsplash

Password hygiene might be going downhill for people with .gov email addresses, according to a new identity exposure report released by cyber crime analytics company SpyCloud.

SpyCloud uses recaptured data from the dark web to analyse and identify the latest trends in cyber crime and its impact on society. Researchers found 723 breaches containing .gov emails in 2023, an increase from 695 in 2022 and 611 in 2021.

"This is not a shock to me," said Trevor Hilligoss, vice president of SpyCloud Labs, SpyCloud's research team responsible for recapturing data and analysing patterns from the criminal underground. "We do have a lot of challenges in the government involving cyber hygiene at large. I think one of the things that the report really calls out is that it's not getting better."

Researchers suggest the persistent problem may be at least in part due to password reuse – the practice of using the same password for multiple accounts. Password reuse rates for .gov users increased in the last year, from 61% in 2022 to 67% in 2023.

"In those instances, while we might not have a breach of a government system, if there is password reuse going on, that password from a compromised source could potentially be used against a government source, even if that government asset was not necessarily itself the victim of a breach," said Hilligoss.

Additionally, the report exposed that many government agencies continue to struggle with bad password practices overall, as the most common passwords associated with .gov emails were “password”, “pass1” and “123456”.

The increase in .gov passwords exposed on the dark web may also be due to the growing number of state and local government agencies adopting .gov domains.

While SpyCloud's report doesn't specifically analyse the use of pop culture references in .gov passwords, researchers say people in general are still using pop culture references to inspire their passwords, a choice that could jeopardise their account security.

"You could craft a password using only pop culture references that use four distinct words and special characters and spaces and from a cryptographic perspective, that's uncrackable. But it's not unguessable," Hilligoss said. "Criminals are not dumb. They're human beings just like everybody else. They're thinking people, so they know what the password trends are. This is not news to them."

As conversations continue within tech communities about whether the password should die, SpyCloud researchers suggest that at minimum, users consider using password managers to protect their accounts from cyberattacks. – Government Technology/Tribune News Service
