Passwords used by Donald Trump’s incoming cyber security advisor Rudy Giuliani and 13 other top staff members have been leaked in mass hacks, a Channel 4 News investigation has revealed. IT security experts from Tripwire and Comparitech.com comment below.
Dwayne Melancon, CTO at Tripwire:
“Breaches like these – and the associated list of simple passwords – underscore the need for two-factor authentication on sensitive accounts, such as the email accounts of public figures. Two-factor authentication, along with periodic password changes, greatly reduces the likelihood of a successful compromise even if someone gains access to your password. Two-factor authentication also mitigates much of the risk if someone re-uses a password.”
Lee Munson, Security Researcher at Comparitech.com:
“It’s an unfortunate fact of life but data breaches happen all the time and a big part of the fallout from that is the fact that users’ passwords are often stolen by the attacker.
It’s also gravely unfortunate that many stolen passwords are easily readable because they have either not been encrypted, or have been encrypted poorly.
What is not so forgivable, however, is the fact that many of Trump’s staff have reportedly been using the same password across a number of different accounts.
While such behaviour is, alas, common among the entire internet population, senior White House personnel and cyber czars really ought to know better.
Not only that, the fact that some of the passwords appear to have come from sites such as MySpace may suggest that dormant, no longer wanted, accounts have been allowed to remain active which, itself, is also something of a security howler from people who should know better.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.