Georgia Tech Procurement Assistance Center


Strong passwords are especially important for government websites

May 31, 2010 By ei2admin

Many government procurement web sites are secure sites that require vendors to establish passwords in order to gain access.  What many people don’t understand is that there is a real need for selecting good passwords.

Identity theft could be just a minor consequence of establishing a weak password on a government site.  Actual theft — theft of payments made by the government to a vendor — can result when password selection is not taken seriously.

A data security firm in 2010 analyzed 32 million passwords that a hacker stole from an application developer called rockyou.com, and published a report of the findings earlier this year – including the 10 most commonly used passwords.  As you can see below, all 10 of them are terrible:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

Hackers and others intent on stealing or changing your on-line information can easily guess any of these 10 passwords.  In fact, people who want to do you harm have sophisticated automated programs that guess at probable passwords until they discover the correct letter/number combination.

You might be curious about Entry No. 7, “rockyou.”   You might think it’s uncommon enough to be a good password.   Hardly.  “Rockyou” is actually the name of the web site for which the users created the password.  These users’ Amazon.com and Audible.com passwords are probably “amazon” and “audible,” respectively!

It is estimated that nearly half of all passwords can be easily guessed — they include the users’ names, common dictionary words, and strings of consecutive numbers, according to the report.
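As an added illustration (not part of the original article or the report it cites), here is one way a web site could screen a new password against the patterns described above: the top-10 list, the site's own name, the user's name, dictionary words, and runs of consecutive numbers. The function names and the small word list are constructed for this example; a real deployment would use a full breached-password list.

```python
# Added example: reject easily guessed passwords at account creation.
# Top-10 list from the article, compared case-insensitively.
TOP10 = {"123456", "12345", "123456789", "password", "iloveyou",
         "princess", "rockyou", "1234567", "12345678", "abc123"}

# Constructed stand-in for a real dictionary / breached-password list.
SAMPLE_WORDS = {"princess", "dragon", "monkey", "sunshine", "welcome"}

def _site_label(site):
    """'www.rockyou.com' -> 'rockyou' (first host label that is not 'www')."""
    parts = [p for p in site.lower().split(".") if p and p != "www"]
    return parts[0] if parts else ""

def _is_digit_run(s):
    """True for '12345', '98765' or '1111': all digits, one constant step."""
    if len(s) < 4 or not s.isdigit():
        return False
    steps = {int(b) - int(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1}, {0})

def screen_password(password, username, site):
    """Return the reasons a password is easily guessed (empty list = passes)."""
    p = password.lower()
    # Strip leading/trailing decorations so 'Welcome1!' is still seen as a word.
    core = p.strip("0123456789!@#$%^&*._-")
    reasons = []
    if p in TOP10:
        reasons.append("top-10 breached password")
    label = _site_label(site)
    if label and label in p:
        reasons.append("contains site name")
    user = username.lower().split("@")[0]
    if len(user) >= 3 and user in p:
        reasons.append("contains user name")
    if _is_digit_run(p):
        reasons.append("consecutive or repeated digits")
    if core in SAMPLE_WORDS:
        reasons.append("dictionary word")
    return reasons

if __name__ == "__main__":
    for pw, user, site in [("rockyou", "alice", "rockyou.com"),
                           ("Amazon1!", "bob", "www.amazon.com"),
                           ("tq7#Lw9vBx2mRk", "alice", "sam.gov")]:
        print(pw, "->", screen_password(pw, user, site) or "ok")
```
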

Weak passwords represent a problem on any web site.  But weak passwords — and lack of password security — on government web sites can cause especially serious problems.

Let’s take the System for Award Management (SAM), for example.  SAM is the federal government’s vendor database, containing information on more than 650,000 businesses.  All of the data is entered by vendors themselves, including bank routing information on each business.  This information is used by federal agencies to facilitate electronic payments for contract work performed.

A hacker who successfully guesses at a SAM registrant’s password can both steal and edit that vendor’s bank routing number.  Armed with bank account information, the evil-doer might be able to withdraw funds from a vendor’s bank account.  In addition, by changing a vendor’s bank routing information in CCR, an even more insidious act is set in motion.  A hacker can just sit back and wait for the government to electronically transfer contract payments … right into the hacker’s off-shore account on the other side of the world.

In this scenario, the vendor has delivered a product or performed work for the government, the government paid, and the hacker benefitted — all caused by either selection of a weak password or by sloppy handling of a password.

As Michael Hardy, managing editor of the 1105 Government Information Group, recently observed: “You might think that after nearly two decades of data breaches, identity theft and other online risks, your average end user would understand by now the importance of creating strong passwords and protecting them.   You would be wrong.”

To paraphrase, you should give serious thought to the selection of passwords — especially on government web sites — and then keep them secret.

“Everyone needs to understand what the combination of poor passwords means in today’s world of automated cyberattacks: With only minimal effort, a hacker can gain access to one new account every second — or 1,000 accounts every 17 minutes,” said Amichai Shulman, Imperva’s chief technology officer, in a written statement that accompanied the release of the report referenced earlier in this article.   “The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine.”

© 2010, 2015 Georgia Tech Procurement Assistance Center – All Rights Reserved.

Filed Under: Contracting Tips Tagged With: CCR, government contract training, government contracting, government trends, technology
