Authlogics Authlogics
  • Solutions
    • Password Security Auditing
    • Password Policy Compliance
    • Password Breach Database
    • Passwordless Authentication
    • Deviceless OTP
    • Single Sign-On
    • Cloud Protection
      • Amazon Web Services
      • Azure and Office 365
    • Helpdesks
    • Retail Banking
    • Transaction Verification
  • Products
    • Password Security Management
    • Multi-Factor Authentication
      • Authenticator Mobile App
      • PINgrid
      • PINphrase
      • PINpass
      • Yubikey
    • System Agents
      • ADFS Agent
      • Domain Controller Agent
      • Exchange Agent
      • Remote Desktop Agent
      • Windows Desktop Agent
  • Resources
    • Demonstration
    • Whitepapers
    • Datasheets
    • Case Studies
    • Use Cases
    • Pricing
    • Blog
    • Accolades
    • UK Government: G-Cloud
  • Partners
    • Find a Reseller
    • Find a Distributor
    • Technology Partners
    • Become a partner
    • Password Security Portal
  • Company
    • Contact Us
    • Intellectual Property
    • About Us
  • Support
    • Downloads
    • Documentation
    • Knowledge Base
    • Community
    • Log a call
  • Free Trial
Authlogics Authlogics
  • Solutions
    • Password Security Auditing
    • Password Policy Compliance
    • Password Breach Database
    • Passwordless Authentication
    • Deviceless OTP
    • Single Sign-On
    • Cloud Protection
      • Amazon Web Services
      • Azure and Office 365
    • Helpdesks
    • Retail Banking
    • Transaction Verification
  • Products
    • Password Security Management
    • Multi-Factor Authentication
      • Authenticator Mobile App
      • PINgrid
      • PINphrase
      • PINpass
      • Yubikey
    • System Agents
      • ADFS Agent
      • Domain Controller Agent
      • Exchange Agent
      • Remote Desktop Agent
      • Windows Desktop Agent
  • Resources
    • Demonstration
    • Whitepapers
    • Datasheets
    • Case Studies
    • Use Cases
    • Pricing
    • Blog
    • Accolades
    • UK Government: G-Cloud
  • Partners
    • Find a Reseller
    • Find a Distributor
    • Technology Partners
    • Become a partner
    • Password Security Portal
  • Company
    • Contact Us
    • Intellectual Property
    • About Us
  • Support
    • Downloads
    • Documentation
    • Knowledge Base
    • Community
    • Log a call
  • Free Trial

The Problem of a Password Protected Parliament – Westminster123

Steven Hopeon 27th June 2017

Over the weekend it was widely reported that the approx. 90 email accounts in the UK Parliament had been compromised, in a brute force attack that looked to exploit accounts ‘protected’ by weak passwords, an example of which might be Westminster123 or JohnSmithMP!

According to reports, these 90 accounts represent less than 1% of the email accounts in use, however, the damage a motivated cybercriminal can inflict with just one compromised account could be significant. What’s more, it is unlikely to stop at email, after all, if a weak password is being used for their email account (because it is easy to remember) then would be fair to assume that it is probably being reused as the gateway to other applications either professionally, or personally such as social networks. Gaining access to an MP’s email is bad enough but, having free reign over their Twitter that could be a catastrophic PR disaster!

This latest compromise, combined with the WannaCry ransomware attack that devastated the NHS in May highlights the fragile vulnerability of many public-sector IT systems. These two incidents are both very different in nature, but what they have in common is their simplicity and ease of prevention. WannaCry was not a sophisticated cyber attack, infecting unpatched machines using older versions of Windows. Meanwhile, a brute force attack is one of the most rudimentary forms of attack.

There will be calls for using ‘stronger’ passwords and protocols that insist they are changed periodically, but for email accounts such as these, that will undoubtedly contain confidential information, that simply isn’t enough to prevent a determined attacker. It may slow them down, but not for long. The fact is that if you want to prevent password-based security from being breached you need to replace passwords, and unlike upgrading every Windows machine in the NHS to the latest version, it needn’t cost very much money.

Author: Steven Hope, CEO of Authlogics

in Authentication, Security
  • Previous

    Authlogics New Suite Provides Three Authentication Technologies and Factors in one License

  • Next

    The Internet of Things is Cutting Corners with Security

Recent Posts

  • Who Wants to be a Breach Billionaire?
  • We Need Higher Factor Protection in the Sun and in the Workplace  
  • Top Ten Universities Vulnerable to Data Breaches and Need Better Password Education
  • Strong Leaders Don’t Have Strong Passwords
  • If You Do One Thing on World Password Day, Find Out How Many of Your Passwords are Being Shared Around the World

Recent Comments

  • Authlogics Announces Money-Back Guarantee for its new Password Security Management 4.1 – Security Review Magazine on Password Breach Database
  • Authlogics Password Security Management 4.1 Makes Authentication Impact Visible – Security Review Magazine on Password Breach Database
  • Top Ten Universities Vulnerable to Data Breaches – The ID Bulletin on Password Security Management
  • The highway to password hell is paved with good intentions - Andre HOT on Have you been Pwned? Most likely
  • The street to password hell is paved with good intentions - Trend Directory on Have you been Pwned? Most likely

Archives

  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • March 2022
  • February 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • February 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • May 2020
  • April 2020
  • February 2020
  • January 2020
  • December 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • January 2019
  • September 2018
  • January 2018
  • October 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015

Categories

  • Authentication
  • Awards
  • Business
  • Compliance
  • Customer Experience
  • Data Breach
  • Download
  • Implementation
  • Management
  • Marketing
  • Multi Factor Authentication
  • Password
  • Password Replacement
  • Password Security
  • Passwordless Authentication
  • PIN
  • Predictions
  • Remote Working
  • Security
  • Single Signon
  • Strategy
  • Uncategorised

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Contact us

UK: +44 1344 568 900
US: +1 408 706 2866

sales@authlogics.com
info@authlogics.com

Visit us

329 Doncastle Road, Bracknell,
Berkshire, RG12 8PE, UK

Map it »

1551 McCarthy Blvd, Suite 215,
Milpitas, CA, 95035, US

Map it »

Follow on

Legal information

Privacy Policy
Refund Policy
© Authlogics Ltd. All Rights Reserved.