时间:2025-07-08 17:53:00 来源:网络整理编辑:時尚
When it comes to United States Senate email accounts, you'd think the powers that be would enact a b
When it comes to United States Senate email accounts, you'd think the powers that be would enact a basic security feature that even Yahoo Mail and AOL have down.
Shocker: You would be wrong.
SEE ALSO:The best thing you can do to protect yourself from hackersAs an April 20 open letter from Oregon Senator Ron Wyden makes clear, Senate email accounts lack the option to enable two-factor authentication. Like, senators can't turn it on even if they want to.
"As you know, the cybersecurity and foreign intelligence threats directed at Congress aresignificant," wrote Wyden in the letter addressed to two Senate colleagues. "However, the Senate is far behind when it comes to implementing basic cybersecurity practices like two-factor authentication."
What exactly is two-factor authentication (2FA), and why does this matter? Let's let the experts over at the Electronic Frontier Foundation explain.
"Login systems that require only a username and password risk being broken when someone else can obtain (or guess) those pieces of information," notes the organization. "Services that offer two-factor authentication also require you to provide a separate confirmation that you are who you say you are. The second factor could be a one-off secret code, a number generated by a program running on a mobile device, or a device that you carry and that you can use to confirm who you are."
An easy-to-grasp example of 2FA is your bank ATM card. In order to withdraw cash, you need the PIN (something you know) and the card itself (something you have). Those two factors combine to allow you, and hopefully only you, to access to your hard-earned dollars.
With 2FA turned on, even if someone gains your email password (like maybe just possibly through a phishing attack) they still lack the necessary credentials to get into your inbox. This seems like something sitting members of the United States Senate and their staff would be interested in, right?
And yet.
"Today, the Senate neither requires nor offers two-factor authentication as an additionalprotection for desktop computers and email accounts," writes Wyden. "The Senate Sergeant at Arms does require two-factor authentication for staff who wish to log in to Senate IT systems from home, using a Virtual Private Network. This is a good first step, but the Senate must go further and embrace two-factor authentication for the workplace, and not just for staff connecting from home."
Offering 2FA is often viewed as one of several basic security litmus tests for online services. Gmail, Twitter, Facebook, AOL, and even the much-maligned Yahoo Mail make it easy to turn this on — meaning your grandmother's email account is potentially more secure than your senator's.
As that depressing little nugget of information sinks in, Wyden hits us with a jaw-dropping follow. The executive branch, you see, offers employees Personal Identity Verification (PIV) cards which contain smart chips. The chips work as part of a 2FA system for employees to log into computers. The senate also offers PIV cards, Wyden tells us, but these don't have smart chips.
What do they have instead?
"[In] contrast to the executive branch's widespread adoption of PIV cards with a smartchip, most senate staff ID cards have a photo of a chip printed on them, rather than a real chip."
That's right, a photo of a chip printed on them.
So, to recap: Senate email accounts aren't protected by 2FA, and most Senate staff ID cards have fake smart chips.
Next on the agenda, we assume, is the revelation that the password to each and every senators' personal voicemail account is just "0000."
TopicsCybersecurityYahoo
Ivanka Trump's unpaid interns share cringeworthy financial advice2025-07-08 17:41
什琴斯尼兩失誤斷送好局!囧叔卻力挺 :他歐冠首發2025-07-08 16:52
越南國腳需應對缺乏比賽問題 沙特聯賽照常球員以賽代練2025-07-08 16:36
越老越妖 !伊布替補登場僅7分鍾就進球 鞋帶還未係好2025-07-08 16:20
5 people Tim Cook calls for advice on running the biggest company in the world2025-07-08 16:14
薩拉赫一戰迎三大裏程碑 英超百球效率榜高居第五2025-07-08 16:14
深度 :國足沙迦集訓正式開啟 李鐵戰越南需解決兩大難題2025-07-08 16:07
國足開局不順在足協高層意料之中 保障力度繼續加大2025-07-08 15:40
U.S. government issues warning on McDonald's recalled wearable devices2025-07-08 15:28
慘淡!熱刺遭賽季英超首敗 半場0射門被水晶宮吊打2025-07-08 15:27
Tesla's rumored P100D could make Ludicrous mode even more Ludicrous2025-07-08 17:47
C羅:在賽前一度非常緊張 整晚都在想著要踢好首秀2025-07-08 17:26
薩拉赫一戰迎三大裏程碑 英超百球效率榜高居第五2025-07-08 17:06
歐文 :無論你喜不喜歡曼聯 隻要看到C羅進球都會笑2025-07-08 17:04
Man stumbles upon his phone background in real life2025-07-08 16:29
登貝萊將留隊征戰足協杯 湊齊四外援廣州城有想法?2025-07-08 16:23
女權組織雇飛機在夢劇場拉標語 抗議C羅曾涉嫌強奸2025-07-08 15:44
4戰3勝1平 !切爾西初露冠軍相 達成600勝裏程碑2025-07-08 15:36
Over 82,000 evacuate as Blue Cut fire rapidly spreads in southern California2025-07-08 15:22
豪取三連勝 !米蘭新賽季強勢來襲 暫登意甲榜首2025-07-08 15:06