Over 90 accounts on British Parliamentary computer network compromised in large-scale ‘brute force’ attack

It is alarming to hear that @parliament.uk email accounts fell victim to a brute force attack. I understand some 90 accounts have been compromised. These accounts had weak passwords, evidently.

  1. The digital team should not have allowed ‘weak’ passwords. Yes, we all get annoyed at being forced to pick passwords that are more than 8 characters, have a number and a special character, but there’s a good reason for it.
  2. If an incorrect password is entered more than 5 times, the account should have been locked, thus stopping a brute force attack in its tracks.
  3. Let’s not immediately rush to blame the digital team. Proper investigation, etc. But it does seem that two-factor authentication needs to be enforced at all levels from now on.

As annoying as that might be, it’s a lot less annoying than being locked out all weekend and potentially having all of your emails fall into the hands of hackers.

Update: Two-factor authentication is now required.
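
The lockout rule from point 2, as an added example that is not part of the original post: a per-account counter that locks once more than 5 consecutive wrong passwords are seen, replayed over a constructed run of guesses. The 30-minute lock duration, the account name and the sample passwords are assumptions.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 5          # the post's threshold: lock once this is exceeded
LOCK_SECONDS = 30 * 60    # assumed lock duration; the post does not give one


@dataclass
class LockoutGuard:
    """Per-account failed-login counter with a timed lock."""
    failures: dict = field(default_factory=dict)      # account -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # account -> unlock timestamp

    def attempt(self, account, password_ok, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt at time `now`."""
        if now < self.locked_until.get(account, 0):
            return "locked"                    # rejected even if the password is right
        if password_ok:
            self.failures.pop(account, None)   # a success resets the counter
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count > MAX_FAILURES:               # "more than 5 times"
            self.locked_until[account] = now + LOCK_SECONDS
            self.failures.pop(account, None)
            return "locked"
        return "denied"


def replay(guesses, real_password, account="member@example.test"):
    """Replay guesses one second apart against one account; return each outcome."""
    guard = LockoutGuard()
    return [guard.attempt(account, guess == real_password, now=t)
            for t, guess in enumerate(guesses)]


# Constructed sample: a guessing run whose 9th guess is the real password.
REAL_PASSWORD = "constructed-sample-pw"
GUESSES = [f"guess{i}" for i in range(8)] + [REAL_PASSWORD, "guess9"]

if __name__ == "__main__":
    for guess, outcome in zip(GUESSES, replay(GUESSES, REAL_PASSWORD)):
        print(f"{guess:24} -> {outcome}")
```

A per-account lock limits guessing against one mailbox only; it complements rather than replaces the two-factor authentication the post calls for.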