If any of the passwords to your .gov account have a variation of a Taylor Swift song in them, you might want to hit the reset button.
According to a new report by SpyCloud, a cybersecurity data analytics company, password reuse and log-in credentials based on words that are trendy in pop culture have the potential to jeopardize millions of data points and personally identifiable information.
“The list of the most common exposed passwords associated with government emails is also a cause for concern: the top three are 123456, 12345678, and password,” it said.
Federal IT systems support a vast array of public services that store information on government personnel, finances, national security and personal health. For several years, as hackers have become more sophisticated and military operations have staked more cyber real estate, the government’s budget has proposed billions for shoring up digital security.
The White House’s proposed spending plan for fiscal year 2024 outlays $74 billion for IT at civilian Federal agencies — a 13% increase from 2023 that would fund roughly 4,500 investments at 25 agencies.
Drilling down into that funding pool, the President’s Budget includes approximately $13 billion of budget authority for civilian cybersecurity-related activities.
However, cybersecurity can be beefed up with simple, virtually costless measures like fortifying passwords as a first line of defense.
Data from SpyCloud shows a nearly 72% password reuse rate for users who were exposed in two or more cyber breaches in the last year, an eight-point increase from last year.
“Government employees also show the same poor hygiene habits as their peers in the private sector,” it said. “Password reuse by government employees remains high – 61% of users with more than one password exposed in the last year were guilty of reusing passwords across multiple accounts.”
Within a sample of government contractors, it also found 24,000 malware infections exposing plaintext passwords and admin credentials.
Overall, cybersecurity incidents within government grew by 95% globally in 2022, with China, India and the U.S. as the most targeted. The same year, there were 695 breaches containing .gov emails, up 14% from the year before.
Because passwords can play such an outsized role in whether a breach is successful, the report also noted a general phenomenon in the private and public sectors wherein passwords reflect whatever is trending in popular culture.
For example, what topped the music charts also topped the list of exposed passwords, SpyCloud found. Taylor Swift’s highly anticipated 10th album “Midnights” resulted in many passwords like “taylor,” “swiftie” and “midnights.” Bad Bunny was Spotify’s most-streamed artist in 2022 and inspired passcodes related to his most popular songs.
“As expected, top recaptured popular passwords also included russia/russian war, ukraine/ukraine war, and trump,” the report said.
Molly Weisner is a staff reporter for Federal Times where she covers labor, policy and contracting pertaining to the government workforce. She made previous stops at USA Today and McClatchy as a digital producer, and worked at The New York Times as a copy editor. Molly majored in journalism at the University of North Carolina at Chapel Hill.