Auditors were able to crack a fifth of the 86,000 passwords it tested. Image: C. Fish Images/Shutterstock.com
By: FEDweek Staff
The traditional emphasis on having complex passwords for securing online information is not adequate because “human psychology can be exploited by cyber criminals to compromise our accounts,” says a post on cio.gov as part of National Cybersecurity Awareness Month for October.
“Previously, the conventional wisdom was to create passwords using special characters, capitalization, numbers, letters, and a variety of arbitrary rules including forcing you to change your password multiple times per year. Research shows each of us did the same thing in response–re-used passwords or created variations of the same password because we’d been asked to memorize dozens of unique passwords for every site, log-in, or application,” it says.
That issue was raised, for example, in an inspector general report on the Interior Department earlier this year, in which auditors were able to crack a fifth of the 86,000 passwords they tested. Five of the 10 most commonly used passwords included a variation of “password” and “1234,” and while policies require regular changes, the change often is only a minor one, the report found.
The cio.gov post says that:
* “When you must use a password, use a longer password (15 or more characters) or even passphrases, as these provide greater protection than a shorter, arbitrarily complex password. Passphrases have the added benefit of being easy to remember.”
* “Employing MFA [multi-factor authentication] (such as a one-time code emailed to you or an authenticator app on your phone) adds a second, critical layer to protect against a compromised password. MFA should be set up anytime it is available.”
* “Password managers, protected by one very strong, long password with MFA enabled, allow us to create unique passwords for each site without needing to memorize them all.”

