REALLY Weak Passwords Contributed To The Louvre Break In
From the “what were they thinking” department comes the news that the Louvre, which was burglarized on October 19, had used the weak password LOUVRE for its core security systems, according to documents obtained by the French newspaper Libération.
Like seriously?
Darren James, Senior Product Manager at identity management and authentication solutions provider Specops Software provided the following comments:
“Even though the audit that found this easily guessable password was from 11 years ago, it’s still something we hear a lot about today.
“The password problem isn’t just a technical issue, it’s a human behavior challenge that’s extremely difficult to correct. Passwords, and IT security in general, are often seen as one of those annoying things that stop users from getting on with their day-to-day work. They have to remember so many these days, both for their jobs and personal lives, that they tend to take the easy route: choosing easily guessable words, reusing the same password across multiple systems, or following predictable patterns. And when everything falls apart, their defense is often, ‘Well, I never thought it would happen to me!’
“So, what can companies do to improve this? They should take the advice of ANSSI (France), NIST (USA), and the NCSC (UK) and change their approach to passwords:
- Move away from complexity with lots of different character types. That only encourages predictable patterns. Instead, switch to longer passphrases.
- Block words that relate to your organization. This is a good use of AI; ask your favorite LLM to generate a list of 1,000 words related to your company.
- Block passwords that are already breached. If they’re out there on the dark web, why would you let someone use them?
- Remove password expiry. It doesn’t help, as users just make small changes to their regular password (for example, Summer2024 to Summer2025).
- If you do remove expiry, remember that people still often reuse their passwords. Make sure you have a solution that can continuously check your users’ passwords against a constantly updated database. That way, when they do get leaked, you can act quickly.
“And finally, help your users. When they need to change or reset their password, give them the means to do it securely, and use a reset solution that provides helpful feedback.”
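The five recommendations above, turned into a policy check, as an added Python example that is not from the original post or from Specops; the organisation word list, the breached-hash table and the 15-character minimum are constructed assumptions standing in for a real blocklist and a continuously updated breach corpus:

```python
import hashlib
import re

# Constructed sample data (assumptions, not real lists): words related to the
# organisation, and a tiny "breached" table keyed by SHA-1 hash so that the
# clear-text passwords themselves are never stored by the checker.
ORG_WORDS = {"louvre", "museum", "monalisa", "paris"}
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper()
                 for p in ("Summer2024", "Summer2025", "password1")}
# Undo common leet substitutions so "L0uvr3" is still caught as "louvre".
LEET = str.maketrans("0134578@$", "oleastbas")
MIN_LENGTH = 15  # passphrase length instead of character-class complexity


def normalise(pw: str) -> str:
    """Lower-case the password and map leet characters back to letters."""
    return pw.lower().translate(LEET)


def contains_org_word(pw: str) -> bool:
    """Block passwords built on words that relate to the organisation."""
    norm = normalise(pw)
    return any(word in norm for word in ORG_WORDS)


def is_breached(pw: str) -> bool:
    """Look the password up by its SHA-1 hash in the (constructed) breach table."""
    return hashlib.sha1(pw.encode()).hexdigest().upper() in BREACHED_SHA1


def is_seasonal_pattern(pw: str) -> bool:
    """Catch the Summer2024 -> Summer2025 style of rotation the advice warns about."""
    pattern = r"(spring|summer|autumn|fall|winter)\d{2,4}[^a-z0-9]?"
    return re.fullmatch(pattern, pw, re.IGNORECASE) is not None


def check_password(pw: str) -> list[str]:
    """Return the list of policy failures; an empty list means the password is accepted."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if contains_org_word(pw):
        failures.append("contains an organisation-related word")
    if is_breached(pw):
        failures.append("appears in the breached-password list")
    if is_seasonal_pattern(pw):
        failures.append("follows a predictable season+year pattern")
    return failures


if __name__ == "__main__":
    for candidate in ("LOUVRE", "Summer2025", "L0uvre-Security-2025",
                      "correct horse battery staple"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```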
This is a case study in how not to use passwords, and there’s more in the report that highlights other failures that contributed to the thieves being able to pull off this heist. Talk about a #fail.
This entry was posted on November 6, 2025 at 2:50 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.