The DHS recently issued a warning against the use of common and/or easily guessed passwords after several government agencies were targeted by “password spray” attacks.

These brute-force login attacks attempt to break into accounts using these simple passwords, with the goal of stealing sensitive information. Unlike social engineering, they require little more than rudimentary knowledge of the target organization and internet search skills.

An attacker first obtains a list of usernames of as many agency employees as possible. This is made easier by the fact that most government email addresses take the form [email protected], and that most usernames are a formulaic combination of a person’s first name or initial, last name, and perhaps a numeric identifier.
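
Because a spray tries a small set of common passwords across many usernames, it shows up in authentication logs as one source failing against many distinct accounts with only a few attempts each. The detector below is an added example, not part of the original article; the event format, the thresholds and the sample log entries are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source IP, username, outcome).
# IPs come from documentation ranges; usernames are made up.
SAMPLE_EVENTS = (
    # One source, one failure per account across six accounts: spray pattern.
    [(f"2024-01-01T09:{i:02d}:00", "203.0.113.7", u, "FAIL")
     for i, u in enumerate(["jsmith", "mjones", "akhan", "blee", "cdiaz", "rpatel"])]
    + [("2024-01-01T09:06:00", "203.0.113.7", "tnguyen", "SUCCESS")]
    # One source hammering a single account: classic brute force, not a spray.
    + [(f"2024-01-01T09:{i:02d}:30", "198.51.100.9", "jsmith", "FAIL") for i in range(8)]
    # A user mistyping once and then logging in: benign.
    + [("2024-01-01T09:10:00", "192.0.2.10", "blee", "FAIL"),
       ("2024-01-01T09:10:20", "192.0.2.10", "blee", "SUCCESS")]
)

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Return {source: {"targeted": [...], "succeeded": [...]}} for sources whose
    failures fan out over many accounts with only a few tries per account.
    The default thresholds are illustrative assumptions; tune them to local baselines."""
    fails, wins = defaultdict(list), defaultdict(set)
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            fails[src].append((datetime.fromisoformat(ts), user))
        else:
            wins[src].add(user)
    findings = {}
    for src, rows in fails.items():
        rows.sort()
        start, best = 0, set()
        for end in range(len(rows)):
            # Slide the window start forward so it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            counts = Counter(user for _, user in rows[start:end + 1])
            if (len(counts) >= min_users and max(counts.values()) <= max_per_user
                    and len(counts) > len(best)):
                best = set(counts)
        if best:
            # Successful logins from a spraying source are the accounts to triage first.
            findings[src] = {"targeted": sorted(best), "succeeded": sorted(wins[src])}
    return findings

if __name__ == "__main__":
    for src, hit in detect_spray(SAMPLE_EVENTS).items():
        print(src, hit)
```

Per-account lockout counters miss this pattern because no single account accumulates enough failures, which is why the grouping key here is the source rather than the username.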
