Authlogics Authlogics
  • Solutions
    • Password Security Auditing
    • Password Policy Compliance
    • Password Breach Database
    • Deviceless OTP
    • Single Sign-On
    • Cloud Protection
      • Amazon Web Services
      • Azure and Office 365
    • Helpdesks
    • Retail Banking
    • Transaction Verification
  • Products
    • Password Security Management
    • Multi-Factor Authentication
      • Authenticator Mobile App
      • PINgrid
      • PINphrase
      • PINpass
      • Yubikey
    • System Agents
      • ADFS Agent
      • Domain Controller Agent
      • Exchange Agent
      • Remote Desktop Agent
      • Windows Desktop Logon Agent
  • Resources
    • Demonstration
    • Whitepapers
    • Datasheets
    • Case Studies
    • Use Cases
    • Pricing
    • Blog
    • UK Government: G-Cloud
  • Partners
    • Find a Reseller
    • Find a Distributor
    • Technology Partners
    • Become a partner
    • Password Security Portal
  • Company
    • Contact Us
    • Intellectual Property
    • About Us
  • Support
    • Downloads
    • Documentation
    • Knowledge Base
    • Community
    • Log a call
Authlogics Authlogics
  • Solutions
    • Password Security Auditing
    • Password Policy Compliance
    • Password Breach Database
    • Deviceless OTP
    • Single Sign-On
    • Cloud Protection
      • Amazon Web Services
      • Azure and Office 365
    • Helpdesks
    • Retail Banking
    • Transaction Verification
  • Products
    • Password Security Management
    • Multi-Factor Authentication
      • Authenticator Mobile App
      • PINgrid
      • PINphrase
      • PINpass
      • Yubikey
    • System Agents
      • ADFS Agent
      • Domain Controller Agent
      • Exchange Agent
      • Remote Desktop Agent
      • Windows Desktop Logon Agent
  • Resources
    • Demonstration
    • Whitepapers
    • Datasheets
    • Case Studies
    • Use Cases
    • Pricing
    • Blog
    • UK Government: G-Cloud
  • Partners
    • Find a Reseller
    • Find a Distributor
    • Technology Partners
    • Become a partner
    • Password Security Portal
  • Company
    • Contact Us
    • Intellectual Property
    • About Us
  • Support
    • Downloads
    • Documentation
    • Knowledge Base
    • Community
    • Log a call

The Problem of a Password Protected Parliament – Westminster123

Steven Hopeon 27th June 2017

Over the weekend it was widely reported that the approx. 90 email accounts in the UK Parliament had been compromised, in a brute force attack that looked to exploit accounts ‘protected’ by weak passwords, an example of which might be Westminster123 or JohnSmithMP!

According to reports, these 90 accounts represent less than 1% of the email accounts in use, however, the damage a motivated cybercriminal can inflict with just one compromised account could be significant. What’s more, it is unlikely to stop at email, after all, if a weak password is being used for their email account (because it is easy to remember) then would be fair to assume that it is probably being reused as the gateway to other applications either professionally, or personally such as social networks. Gaining access to an MP’s email is bad enough but, having free reign over their Twitter that could be a catastrophic PR disaster!

This latest compromise, combined with the WannaCry ransomware attack that devastated the NHS in May highlights the fragile vulnerability of many public-sector IT systems. These two incidents are both very different in nature, but what they have in common is their simplicity and ease of prevention. WannaCry was not a sophisticated cyber attack, infecting unpatched machines using older versions of Windows. Meanwhile, a brute force attack is one of the most rudimentary forms of attack.

There will be calls for using ‘stronger’ passwords and protocols that insist they are changed periodically, but for email accounts such as these, that will undoubtedly contain confidential information, that simply isn’t enough to prevent a determined attacker. It may slow them down, but not for long. The fact is that if you want to prevent password-based security from being breached you need to replace passwords, and unlike upgrading every Windows machine in the NHS to the latest version, it needn’t cost very much money.

Author: Steven Hope, CEO of Authlogics

in Authentication, Security

Leave a Reply Cancel reply

  • Previous

    Authlogics New Suite Provides Three Authentication Technologies and Factors in one License

  • Next

    The Internet of Things is Cutting Corners with Security

Recent Posts

  • 3.2 billion credentials (emails and passwords) rinsed up, cleaned out and COMBed
  • PRESS RELEASE: Authlogics Partners with Westcoast to Deliver Passwordless Authentication Solutions in the UK, Ireland, and Europe
  • Reflection & Prediction
  • Analyzing the Cit0day breach
  • Read all about it – your ‘Audit’ here!

Recent Comments

  • Authlogic Password Security Management Offer with CyberWhite - CyberWhite on Multi-Factor Authentication
  • Authlogic Password Security Management Offer with CyberWhite - CyberWhite on Password Security Auditing
  • Authlogic Password Security Management Offer with CyberWhite - CyberWhite on Password Security Management
  • Weekly Update 216 | Spyware.ws on Corporate Password Security with Troy Hunt
  • Weekly Update 216 | AdwareSearch.com on Corporate Password Security with Troy Hunt

Archives

  • February 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • May 2020
  • April 2020
  • February 2020
  • January 2020
  • December 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • January 2019
  • September 2018
  • January 2018
  • October 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015

Categories

  • Authentication
  • Business
  • Compliance
  • Customer Experience
  • Data Breach
  • Download
  • Implementation
  • Management
  • Marketing
  • Multi Factor Authentication
  • Password
  • Password Replacement
  • PIN
  • Remote Working
  • Security
  • Strategy
  • Uncategorised

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Contact us

UK: +44 1344 568 900
US: +1 408 706 2866

sales@authlogics.com
info@authlogics.com

Visit us

Access Office Suites, Willoughby Road,
Bracknell, Berkshire, RG12 8FP, UK

Map it »

1551 McCarthy Blvd, Suite 215,
Milpitas, CA, 95035, US

Map it »

Follow on

Legal information

Privacy Policy
© Authlogics Ltd. All Rights Reserved.