Office of Inspector General PBGC should reconfigure administrative interfaces with strong, unique passwords that are difficult to guess. Ideally, passphrases should be used instead of passwords. These passphrases should contain a mixture of uppercase characters, lowercase characters, numbers and symbols.
Software that is no longer supported or receiving regular security updates from the vendor should be upgraded to supported versions with relevant security patches.
PBGC should replace invalid certificates with those issued by a trusted Certificate Authority. Additionally, user security training should be implemented to promote user skepticism when dealing with invalid certificates while accessing web resources.