The United Kingdom Parliament Hack: Passwords as a Cybersecurity Achilles Heel

The institutions of western democracies have been under a sustained cyber assault from skilled hackers for the past year. The government of the United Kingdom (UK) appears to have been the most recent victim. In this case, attackers targeted the email accounts of 90 lawmakers in Parliament at the end of June. This incident, however, seems to have been the work not of professionals operating on behalf of a national government but rather of amateurs “arsing around.” Regardless of who was responsible, one thing stands out from this episode: passwords are an outdated and dangerous way of controlling access to sensitive information.

In the UK Parliament hack, as with many other recent breaches, the perpetrators exploited “primitive and easily discovered passwords” to access email accounts. Given the frequency of cyber attacks afflicting the world, vast troves of stolen credentials are available on the web for immediate download. Being lazy and creatures of habit, people often reuse the same predictable passwords across sites. Clever attackers can also trick unsuspecting users into giving them up. Even prominent individuals like politicians and their staff members, who should be on guard against these threats, make such mistakes. Combined with the fact that the UK Parliament was only just beginning to use multi-factor authentication to protect some accounts, the hackers were able to steal data from many politicians after correctly guessing their passwords.

The problem, as the UK Parliamentary Digital Service acknowledged in the aftermath of the incident, is that “passwords will always be a weak point regardless of how clever the technology gets.” Although most webmail services encrypt data in transit, attackers rarely attempt to intercept it at this stage. No matter the strength of the encryption used when data is flowing across the internet, it is often vulnerable at rest on poorly defended servers. Password portals are usually all that stand between a hacker and troves of sensitive information.

Thankfully, there is a solution to this problem. PreVeil’s unique architecture dispenses with passwords altogether. Using essentially unbreakable 77-digit keys stored locally on your mobile device or computer, PreVeil encrypts all information end to end, protecting it both at rest and in transit. There are no passwords to remember, and all of your communications are secure by default. Rather than having to use a slew of complex characters to protect and access your data, you can simply rely on PreVeil’s elegant solution to encrypt every message you send or receive.

As the number and severity of cyber threats multiply, expect to see a similar increase in breaches resulting from the inherent security weaknesses of passwords. Because passwords are the Achilles Heel of most communications systems, hackers will almost always start their attack by trying to guess or steal user-generated credentials. Those serving in senior government positions – like the UK politicians recently hacked – must take proactive measures to secure their systems against both pranksters and determined adversaries backed by nation-states. PreVeil’s unique combination of usability and security is one such tool that public servants can employ towards this end.