Congress Needs a Lesson in Passwords

The Atlantic Wire

Anonymous claims to have hacked the emails and passwords of some members of Congress and a bunch of their staffers, revealing that the members of our esteemed government have terrible password habits. The list came via the Anonymous Twitter handle OpsLastResort in protest of the NSA domestic spying revelations. The document claims to have the "current valid credentials" of more than 2,000 people. But, out of the kindness of their hearts, they "HAVE REMOVED SOME OF THE PASSWORDS AND SHUFFLED THE ORDER OF THE REMAINING ONES." Even without knowing who chose what password, it's certain that Hill people need a lesson in Internet security, assuming the list is genuine. But, even if the list is fake, it's never too late to brush up on the rules. So, free of charge, here are some tips and tricks for you guys. You're welcome.

Lesson 1: Don't use "congress" in your password. Putting a series of numbers, an exclamation point, or other symbols after the word "congress" does not make it a smart choice. And, yet, 20 people on this list used some iteration of "congress" to protect their government emails. Considering every single person on the list works for Congress and has a house.gov or senate.gov email address, the word "congress" is the most obvious choice any reasonably smart hacker would think to search.

Lesson 2: "Republican" or "democrat" is dumb, too. For the same reason as above, the two people on the list who chose their party as their password need to change that. Especially the guy who picked "TX32republican!" Do you happen to work for Pete Sessions, the Republican congressman for Texas's 32nd district? See how easy that was. 

Lesson 3: States with numbers are also incredibly obvious. Quite a few people on the list decided to use the state they worked for plus the congressional district number. That's only slightly less obvious than "congress" and makes matching the username to the password even easier, since "California20th" can match up with a very particular House member and all of his or her staffers.

Lesson 4: Never, ever use any part of your name. Hey Justine Sessions, is your password #JustineSessions83? On that note, were you born in 1983? 

Lesson 5: The 36 people who used "password" as their password probably shouldn't be working for Congress. You guys! Password is the number one most popular, most hackable password on all the Internet. The cardinal rule of password picking is to choose anything but "password" and 12345 — putting numbers after the word doesn't make it much harder to guess, either. 

Lesson 6: Any real words are a bad idea. To the three people who chose "Starbucks," that's incredibly easy to hack. Hackers often use custom-compiled dictionaries of popular words to guess passwords. If three whole people picked the coffee chain, then it's probably on a hacker list somewhere. To be safe, any real words are bad ideas. 

Lesson 7: All your passwords are way too short. To be safe, pick something with 11 or more characters; at that point it gets much, much harder to hack. 

Or just keep your terrible passwords; it's not like government email accounts contain any important information or anything. 
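
The seven lessons above, written as a check an administrator could run whenever a password is set. This is an added example, not part of the original article; the function names are hypothetical and the word lists are small constructed samples standing in for real blocklists.

```python
import re

# Constructed sample lists for illustration; real screening uses far larger ones.
ORG_WORDS = {"congress", "republican", "democrat"}   # Lessons 1-2
STATES = {"california", "texas", "ca", "tx"}         # Lesson 3
COMMON = {"password", "12345"}                       # Lesson 5
DICTIONARY = {"starbucks", "coffee", "baseball"}     # Lesson 6
MIN_LENGTH = 11                                      # Lesson 7


def letter_runs(text):
    """Lower-case and split into letter runs: 'TX32republican!' -> ['tx', 'republican']."""
    return re.findall(r"[a-z]+", text.lower())


def screen_password(password, full_name="", email=""):
    """Return the reasons a candidate password is rejected (empty list = accepted)."""
    lowered = password.lower()
    runs = letter_runs(password)
    problems = []
    if any(word in lowered for word in ORG_WORDS):
        problems.append("employer or party word")
    if any(run in STATES for run in runs) and re.search(r"\d", password):
        problems.append("state plus number")
    # Lesson 4: name parts from the account's display name and mailbox name.
    parts = letter_runs(full_name) + letter_runs(email.split("@")[0])
    if any(len(p) >= 3 and p in lowered for p in parts):
        problems.append("part of the user's name")
    if any(word in lowered for word in COMMON):
        problems.append("common password")
    if any(run in DICTIONARY for run in runs):
        problems.append("dictionary word")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    return problems


if __name__ == "__main__":
    # Passwords quoted in the article, plus one constructed random string.
    for pw, name in [("TX32republican!", ""), ("California20th", ""),
                     ("#JustineSessions83", "Justine Sessions"),
                     ("Starbucks", ""), ("vq7#Lm2x!Rz9pK", "")]:
        print(f"{pw!r}: {screen_password(pw, name) or 'accepted'}")
```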
