Password hygiene may be deteriorating among individuals with .gov email addresses, as indicated by a recent identity exposure report published by SpyCloud, a cyber crime analytics company. SpyCloud utilises recaptured data from the dark web to examine and highlight the latest trends in cyber crime and its societal impact. In 2023, researchers identified 723 breaches involving .gov emails, marking an increase from 695 in 2022 and 611 in 2021.
“This comes as no surprise to me,” stated Trevor Hilligoss, the vice president of SpyCloud Labs, the company’s research team responsible for recapturing data and analysing criminal underground patterns. “Challenges with cyber hygiene in the government sector are prevalent. The report underscores the fact that the situation is not improving.”
Researchers suggest that the ongoing issue may be partially attributed to password reuse, which refers to using the same password for multiple accounts. The rate of password reuse among .gov users rose from 61% in 2022 to 67% in 2023.
“While there may not be a breach of a government system in these instances, if password reuse occurs, a compromised password could potentially be utilised against a government asset, even if the asset itself was not directly breached,” explained Hilligoss.
Furthermore, the report revealed that many government agencies continue to struggle with poor password practices in general, with the most common passwords associated with .gov emails being “password”, “pass1”, and “123456”.
The surge in .gov passwords exposed on the dark web may also be linked to the increasing number of state and local government agencies adopting .gov domains.
Although SpyCloud’s report does not specifically delve into the use of pop culture references in .gov passwords, researchers note that individuals still rely on pop culture references to create their passwords, a decision that could compromise their account security.
“You could create a password using four distinct words, special characters, and spaces inspired by pop culture references, making it cryptographically secure. However, it may not be unpredictable,” Hilligoss elaborated. “Criminals are intelligent individuals who are aware of password trends. This is not news to them.”
Amid ongoing discussions within tech communities regarding the potential demise of passwords, SpyCloud researchers recommend, at the very least, that users consider using password managers to safeguard their accounts against cyberattacks. – Government Technology/Tribune News Service
