{"id":50108,"date":"2023-01-11T15:07:42","date_gmt":"2023-01-11T15:07:42","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34206\/A-Fifth-Of-Passwords-Used-By-Federal-Agency-Cracked-In-Security-Audit.html"},"modified":"2023-01-11T15:07:42","modified_gmt":"2023-01-11T15:07:42","slug":"a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/","title":{"rendered":"A Fifth Of Passwords Used By Federal Agency Cracked In Security Audit"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/password-800x600.jpeg\" alt=\"A fifth of passwords used by federal agency cracked in security audit\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a title=\"0 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2023\/01\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">141<\/span> <span class=\"visually-hidden\"> with 0 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p> <!-- cache hit 4:single\/related:7aea2bdac26d0a4a79f6e087484d5479 --><!-- empty --><\/p>\n<p>More than a fifth of the passwords protecting network accounts at the US Department of the Interior\u2014including Password1234, Password1234!, and ChangeItN0w!\u2014were weak enough to be cracked using standard methods, a recently published security audit of the agency found.<\/p>\n<p>The audit was performed by the department\u2019s inspector general, which obtained cryptographic hashes for 85,944 employee active directory (AD) accounts. Auditors then used a list of more than 1.5 billion words that included:<\/p>\n<ul>\n<li>Dictionaries from multiple languages<\/li>\n<li>US government terminology<\/li>\n<li>Pop culture references<\/li>\n<li>Publicly available password lists harvested from past data breaches across both public and private sectors<\/li>\n<li>Common keyboard patterns (e.g., \u201cqwerty\u201d)<\/li>\n<\/ul>\n<p>The results weren\u2019t encouraging. In all, the auditors cracked 18,174\u2014or 21 percent\u2014of the 85,944 cryptographic hashes they tested; 288 of the affected accounts had elevated privileges, and 362 of them belonged to senior government employees. In the first 90 minutes of testing, auditors cracked the hashes for 16 percent of the department\u2019s user accounts.<\/p>\n<p>The audit uncovered another security weakness\u2014the failure to consistently implement multi-factor authentication (MFA). The failure extended to 25\u2014or 89 percent\u2014of 28 high-value assets (HVAs), which, when breached, have the potential to severely impact agency operations.<\/p>\n<p>\u201cIt is likely that if a well-resourced attacker were to capture Department AD password hashes, the attacker would have achieved a success rate similar to ours in cracking the hashes,\u201d the <a href=\"https:\/\/www.doioig.gov\/sites\/default\/files\/2021-migration\/Final%20Inspection%20Report_DOI%20Password_Public.pdf\">final inspection report<\/a> stated. \u201cThe significance of our findings regarding the Department\u2019s poor password management is magnified given our high success rate cracking password hashes, the large number of elevated privilege and senior government employee passwords we cracked, and the fact that most of the Department\u2019s HVAs did not employ MFA.\u201d<\/p>\n<p>The most commonly used passwords, followed by the number of users, were:<\/p>\n<ul>\n<li aria-level=\"1\">Password-1234 | 478<\/li>\n<li aria-level=\"1\">Br0nc0$2012 | 389<\/li>\n<li aria-level=\"1\">Password123$ | 318<\/li>\n<li aria-level=\"1\">Password1234 | 274<\/li>\n<li aria-level=\"1\">Summ3rSun2020! | 191<\/li>\n<li aria-level=\"1\">0rlando_0000 | 160<\/li>\n<li aria-level=\"1\">Password1234! | 150<\/li>\n<li aria-level=\"1\">ChangeIt123 | 140<\/li>\n<li aria-level=\"1\">1234password$ | 138<\/li>\n<li aria-level=\"1\">ChangeItN0w! | 130<\/li>\n<\/ul>\n<p>TechCrunch <a href=\"https:\/\/techcrunch.com\/2023\/01\/10\/interior-department-watchdog-passwords\/\">reported<\/a> the results of the audit earlier. The publication said auditors spent less than $15,000 building a password-cracking rig. Quoting a department representative, it continued:<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<blockquote>\n<p>The setup we use consists of two rigs with 8 GPU each (16 total), and a management console. The rigs themselves run multiple open source containers where we can bring up 2, 4, or 8 GPU and assign them tasks from the open source work distribution console. Using GPU 2 and 3 generations behind currently available products, we achieved pre-fieldwork NTLM combined benchmarks of 240GHs testing NTLM via 12 character masks, and 25.6GHs via 10GB dictionary and a 3MB rules file. Actual speeds varied across multiple test configurations during the engagement.<\/p>\n<\/blockquote>\n<p>The vast majority\u201499.99 percent\u2014of passwords cracked by the auditors complied with the department\u2019s password complexity requirements, which mandates passwords must have a minimum of 12 characters and contain at least three of four character types consisting of uppercase, lowercase, digits, and special characters. The audit uncovered what Ars has been <a href=\"https:\/\/arstechnica.com\/information-technology\/2014\/06\/how-the-get-safe-online-password-checker-fails-users-badly\/\">saying for almost a decade<\/a> now\u2014such guidelines are usually meaningless.<\/p>\n<p>That\u2019s because the guides assume attackers will use brute-force methods, in which every possible combination is methodically tried in alphanumeric order. It\u2019s far more common for attackers to use lists of previously cracked passwords, which are available on the Internet. Attackers then plug the lists into rigs that contain dozens of super-fast GPUs that try each word in the order of popularity of each string.<\/p>\n<p>\u201cEven though a password [such as Password-1234] meets requirements because it includes uppercase, lowercase, digits, and a special character, it is extremely easy to crack,\u201d the final report noted. \u201cThe second most frequently used password was Br0nc0$2012. Although this may appear to be a \u2018stronger\u2019 password, it is, in practice, very weak because it is based on a single dictionary word with common character replacements.\u201d<\/p>\n<p>The report noted that <a href=\"https:\/\/pages.nist.gov\/800-63-3\/\">NIST SP 800\u201363 Digital Identity Guidelines<\/a> recommend long passphrases made up of multiple unrelated words because they\u2019re more difficult for a computer to crack. Ars has long recommended using a password manager to create random passphrases and store them.<\/p>\n<p>Sadly, even the department\u2019s inspector general can\u2019t be relied on for completely reliable password advice. The auditors faulted the department for failing to change passwords every 60 days as required. Plenty of government and corporate policies continue to mandate such changes, even though most password security experts have concluded that they just <a href=\"https:\/\/arstechnica.com\/information-technology\/2016\/08\/frequent-password-changes-are-the-enemy-of-security-ftc-technologist-says\/\">encourage weak password choices<\/a>. The better advice is to use a strong, randomly generated password that\u2019s unique for every account and change it only when there\u2019s reason to believe it might have been compromised. READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34206\/A-Fifth-Of-Passwords-Used-By-Federal-Agency-Cracked-In-Security-Audit.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":50109,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[10341],"class_list":["post-50108","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinegovernmentusapassword"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>A Fifth Of Passwords Used By Federal Agency Cracked In Security Audit 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Fifth Of Passwords Used By Federal Agency Cracked In Security Audit 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-11T15:07:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/password-800x600.jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"A Fifth Of Passwords Used By Federal Agency Cracked In Security Audit\",\"datePublished\":\"2023-01-11T15:07:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\\\/\"},\"wordCount\":760,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit.jpg\",\"keywords\":[\"headline,government,usa,password\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\\\/\",\"name\":\"A Fifth Of Passwords Used By Federal Agency Cracked In Security Audit 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit.jpg\",\"datePublished\":\"2023-01-11T15:07:42+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit.jpg\",\"width\":800,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,government,usa,password\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinegovernmentusapassword\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"A Fifth Of Passwords Used By Federal Agency Cracked In Security Audit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A Fifth Of Passwords Used By Federal Agency Cracked In Security Audit 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/","og_locale":"en_US","og_type":"article","og_title":"A Fifth Of Passwords Used By Federal Agency Cracked In Security Audit 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-01-11T15:07:42+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/password-800x600.jpeg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"A Fifth Of Passwords Used By Federal Agency Cracked In Security Audit","datePublished":"2023-01-11T15:07:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/"},"wordCount":760,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit.jpg","keywords":["headline,government,usa,password"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/","url":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/","name":"A Fifth Of Passwords Used By Federal Agency Cracked In Security Audit 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit.jpg","datePublished":"2023-01-11T15:07:42+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit.jpg","width":800,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/a-fifth-of-passwords-used-by-federal-agency-cracked-in-security-audit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,government,usa,password","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinegovernmentusapassword\/"},{"@type":"ListItem","position":3,"name":"A Fifth Of Passwords Used By Federal Agency Cracked In Security Audit"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50108","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50108"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50108\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50109"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}