The headline:
Over 1400 Western Australian government officials used 'Password123' as their password
The article:
https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12111916
The article lede provides summary stats:
"A security audit of the Western Australian government released this week by the state's auditor general found that 26 per cent of its officials had weak, common passwords -- including more than 5,000 including the word 'password' out of 234,000 in 17 government agencies.
"The legions of lazy passwords were exactly what you - or a thrilled hacker - would expect: 1,464 people went for 'Password123' and 813 used 'password1.' Nearly 200 individuals simply used "password," perhaps never changing it to begin with. Almost 13,000 used variations of the date and season, and almost 7,000 included versions of '123.' "
=-=-=
None of this should surprise anyone. The article says the government's near term solution is to give workers better ways to store passwords securely. That action will help, but is only a band-aid on the broad challenge of computer device and account access authentication.
My thoughts on this subject continue at my blog:
https://cragins.blogspot.com/2018/08/password-panic-in-western-oz.html
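The lede groups the weak passwords into a few recognisable families: anything containing the word "password", variations on dates and seasons, and variations on "123". Below is an added example (not code from the article, the auditor's report, or the poster) of the kind of screening a defender would run either at password-set time or as an offline audit of candidate passwords. The three category names, the regular expressions that define them, and the sample password list are all my own assumptions, chosen to mirror the families the lede names; the sample list is constructed and contains no real credentials.

```python
import re
from collections import Counter

# Constructed sample used only to exercise the audit logic offline.
# None of these are real credentials from the Western Australian audit.
SAMPLE_PASSWORDS = [
    "Password123", "password1", "password", "Summer2018", "Winter2017!",
    "abc123", "123456", "Tr0ub4dor&3", "correct horse battery staple",
    "2018-08-20", "qwerty123", "j8$Lm!vQ2pZr",
]

# Patterns are assumptions that approximate the families quoted in the lede.
SEASONS = ("spring", "summer", "autumn", "fall", "winter")
YEAR_RE = re.compile(r"(19|20)\d{2}")                      # e.g. 2017, 2018
NUMERIC_DATE_RE = re.compile(r"\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")  # e.g. 20/08/18
MONTH_RE = re.compile(r"(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*\d")


def weak_categories(pw: str) -> set:
    """Return the set of weak-pattern categories a password matches.

    An empty set means the password passed these particular checks; it says
    nothing about length, reuse, or breach exposure, which a real policy
    would also test.
    """
    lower = pw.lower()
    cats = set()
    if "password" in lower:
        cats.add("contains_password")
    if "123" in lower:
        cats.add("sequence_123")
    if (any(s in lower for s in SEASONS)
            or YEAR_RE.search(lower)
            or NUMERIC_DATE_RE.search(lower)
            or MONTH_RE.search(lower)):
        cats.add("date_or_season")
    return cats


def audit(passwords) -> dict:
    """Classify every candidate and summarise the result the way the
    auditor's report is quoted: overall weak rate plus per-family counts.
    A password matching several families is counted once in 'weak' but
    once in each family it matches."""
    per_category = Counter()
    weak = 0
    for pw in passwords:
        cats = weak_categories(pw)
        if cats:
            weak += 1
        per_category.update(cats)
    total = len(passwords)
    return {
        "total": total,
        "weak": weak,
        "weak_pct": round(100.0 * weak / total, 1) if total else 0.0,
        "by_category": dict(per_category),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_PASSWORDS)
    print(f"{report['weak']} of {report['total']} candidates "
          f"({report['weak_pct']}%) match a weak family")
    for family, count in sorted(report["by_category"].items()):
        print(f"  {family:20s} {count}")
```

The same `weak_categories` check can be wired into a password-change handler so that the candidate is rejected before it is ever stored; a password manager, as the article's near-term fix suggests, helps users clear that bar, but the screening is what stops "Password123" from being accepted in the first place.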
Another example of compliance, security awareness and adherence to mandatory standards gone wrong.
Another case of the broken chain of trust: it takes only one weak link to reduce the effectiveness of controls. Unfortunately, within the Public Sector, clients don't have a choice, but within the Private Sector they do - people can simply march towards another provider. It is called "the churn rate".
"Digital trust" is now becoming an important term within the USA, and it is likely to be heard again and again all over the world - clients do have the power to move, which in some cases can be quite devastating to organisations. The Big Four consultancies expound about it; the realisation may come later to many, but hopefully not too late for some.