Cyberattack Reveals Weak Password Policies of Law Enforcement Agencies

By Carlton Purvis


Three other agencies contacted by Security Management said they didn’t have an official password policy and that it was up to users to make sure they picked secure passwords. Others said they had users change their passwords regularly, but declined to go into detail about past and present policies because of the recent hack.

“There isn’t anything I could or couldn’t do to prevent it [the server being hacked], but we took this opportunity to review our own policies and procedures and security measures because the issue was brought to light. We will be making some changes,” Baxter County Sheriff John Montgomery told Security Management.

In another instance, LulzSec broke into one company after discovering the CEO’s personal email password was the same as his company email password.

“They’re [hacktivists] shining a very big light saying ‘Nobody is safe.’ If you’re dealing with anything that you remotely consider confidential, you need to be thinking about security,” Sverdlove said.

Check out 10 tips for making a hacker-resistant password from Privacy Rights Clearinghouse here.

photo by stevendepolo from flickr

