July 12th, 2017
Perhaps unsurprisingly, given the volume of high-profile stories currently filling the headlines, you may have missed this story. For us at Intercede, however, it stuck out like a sore thumb.
Beginning on Friday 23rd June, a sustained, 12-hour brute-force assault took place on the parliamentary email network. According to a parliamentary spokesperson, though, “fewer than one per cent of the 9,000 accounts on the parliamentary network have been compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service.”
As hacks go, a success rate of about 1% can be considered a resounding success, especially considering that this was an attack on Parliament. The attack exploited bad password hygiene, and there’s really no excuse for that when dealing with matters of national security. Not only did this attack potentially expose state secrets and leave the owners of the accounts open to blackmail, it meant officials were forced to lock MPs (including PM Theresa May) out of their own email accounts until the attack could be contained.
We can’t allow our government to be vulnerable to this sort of ‘easy’ attack. We’ve all known for years that passwords should be complex and can’t be easy to guess – what’s now crystal clear, though, is that given the hacked accounts belonged to the parliamentary network, we really can’t trust anyone to follow proper protocol with regard to passwords.
The solution, as we see it, is to stop trusting people to choose secure passwords. Intercede has been working for decades with governments, federal organisations and companies around the world who deal with incredibly sensitive information. Our solutions allow them to do away with the problems passwords present, by doing away with passwords entirely. Secure two-factor authentication is immune to user error, and doesn’t require guidelines from the Parliamentary Digital Service.