
Dept. of Interior OIG Finds Problematic Password Management

While conducting tests for a report on password management in US Department of the Interior (DoI) systems, DoI Office of Inspector General (OIG) staff were able to crack 16 percent of DoI passwords within an hour and a half. According to the DoI OIG report, five percent of active credentials within the department’s network used the word “password.” The report also notes that DoI has not consistently implemented multi-factor authentication.

Note

  • In 2019, SANS recognized Jefferson Gilkeson, Director of Information Technology Audit, U.S. Department of the Interior, with a SANS Difference Makers award and it is good to see DoI keeping up the good work in making Office of Inspector General audits include active testing rather than just be data call/review exercises. Not all the results were negative – the audit pointed out that 99% of DoI admin privileged accounts required MFA and the DoI says that is now 100%. Can you make the same claim?
  • Make sure that you’re rolling out/requiring MFA wherever possible. You will likely still have places which still need reusable passwords. Users need all the help you can provide to select good passwords. You need policy, training, and technical measures to help them out. You can get services that integrate with your AD to check passwords against data breach notification; where the checks are made locally, they use a fraction of the password hash to collect possible matches from their database. Also, tools exist to help us configure password rules to modern (NIST 800-63-3) guidance. Trade off long passphrases, which only have to be changed when breached, with shorter (weaker) passwords which require frequent update.
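
The breach check described in the last note, where only a fraction of the password hash is used to collect possible matches, sketched as an added example; it is not code from the OIG report or from any vendor's product. The SHA-1 hash, the 5-character prefix, the 8-character minimum and the in-memory `BreachIndex` standing in for the remote database are assumptions, and the corpus is constructed.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # assumption: hex characters of the hash that leave the host


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class BreachIndex:
    """Hypothetical stand-in for the remote breach database, bucketed by prefix."""

    def __init__(self, corpus: dict):
        self._buckets = defaultdict(dict)
        for password, count in corpus.items():
            digest = sha1_hex(password)
            self._buckets[digest[:PREFIX_LEN]][digest[PREFIX_LEN:]] = count
        self.queries_seen = []  # everything the service operator can observe

    def range_query(self, prefix: str) -> dict:
        self.queries_seen.append(prefix)
        return dict(self._buckets.get(prefix, {}))


def breach_count(password: str, index: BreachIndex) -> int:
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    candidates = index.range_query(prefix)  # only the prefix is sent
    return candidates.get(suffix, 0)        # the full match is decided locally


def screen_password(password: str, index: BreachIndex, min_length: int = 8):
    """Return (accepted, reason) for a candidate password at set/change time."""
    if len(password) < min_length:          # assumed minimum length
        return False, "too short"
    seen = breach_count(password, index)
    if seen:
        return False, f"found in breach corpus ({seen} times)"
    return True, "ok"


# Constructed sample corpus: password -> number of breach occurrences.
SAMPLE_CORPUS = {"password": 9_000_000, "Password-1234": 1200, "Changeme$12345": 40}
INDEX = BreachIndex(SAMPLE_CORPUS)

if __name__ == "__main__":
    for candidate in ("password", "short", "correct horse battery staple 42"):
        print(candidate, "->", screen_password(candidate, INDEX))
    print("prefixes seen by the service:", INDEX.queries_seen)
```
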


Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children.
