Over 1,400 government officials in Western Australia used the phrase ‘Password123’ as the password for their entrance into government agencies, a security audit of the Western Australian government released this week revealed.
The audit revealed that 1,464 people used the password “Password123,” while 813 used “password1.” Nearly 200 people opted for just “password,” while almost 13,000 used variations of the date and season. A further 7,000 included words with the ending of “123.”
“Many of these passwords comply with industry standards for password complexity and a length of at least 8 characters,” the audit report states. “This indicates that merely applying these parameters is insufficient to guard against inappropriate access to networks and systems.”
The use of simple, predictable passwords presents a significant cyber threat, as it makes it far easier for hackers to gain access to government agencies and obtain information that could put millions of people’s lives at risk. Many employees also saved their passwords in easily accessible word documents and spreadsheets.
“After repeatedly raising password risks with agencies, it is unacceptable that people are still using password123 and abcd1234 to access critical agency systems and information,” said Auditor General Caroline Spencer on publishing the audit. “Those passwords contain agency systems, which contain sensitive and confidential information, to inappropriate access and unauthorized use.”
“Agency systems are being attacked regularly, so the risk is real,” she continued. “We are still finding that agencies are not taking the risk to information system security and capability seriously enough.”
The government has responded to the report by pledging a wave of new security measures that include a new cybersecurity team dedicated to improving government security practices, as well as providing advice on how employees can store their passwords more securely.
ICT Minister Dave Kelly claimed that the report showed government information security performance is actually improving, with the number of agencies meeting the required security standards rising from 39 percent 50 percent.
“It was clear when we came to Government that cybersecurity had been ignored by the previous government, and agencies needed help to improve their practices and capabilities,” Kelly said. “This includes the State Government’s first ever cyber security team within the new Office of Digital Government (OAG).”
Cyber attacks have become a major security threat for organizations worldwide, targeting companies like Yahoo, as well as dating sites such as FriendFinder, Penthouse.com. Last year, a report by Verizon found that 81 percent of hacking-related breaches were a result of stolen or weak passwords.