Most of us are pretty bad at coming up with secure passwords. But as it turns out, we may not be alone: U.S government agencies and their employees are just as challenged as the rest of us.

Several government agencies, including the Department of Homeland Security, the Internal Revenue Service and the Nuclear Regulatory Commission — all of which store highly sensitive data — are reportedly plagued with a host of serious vulnerabilities that leave their networks open to hackers. And according to the new Senate cybersecurity report, the agencies and the employees themselves are responsible for these weaknesses.

The report reveals that, much like the general population, "password" is a common password on the agencies' computers. It also says that the agencies' systems are vulnerable because they're not reliably updated with the newest security patches, or because they have outdated antivirus programs.

Published on Tuesday, the report was written by the Republican staff of the Senate Homeland Security and Governmental Affairs Committee and based on more than 40 previous reports by inspectors general.

In one case, independent auditors inspecting the office of the Chief Information Officer for the Immigration and Customs Enforcement agency found that employees had left 10 passwords written down on paper, 15 sensitive documents, six unlocked laptops, and even two credit cards left in the open.

These lack of "basic steps" to secure networks, as the report put it, leaves the electrical grid, financial markets, or citizens' information vulnerable, according to Tom Coburn (R-Okla.), the ranking Republican on the committee.

"While politicians like to propose complex new regulations, massive new programs, and billions in new spending to improve cybersecurity," he said in a press release, "there are very basic — and critically important — precautions that could protect our infrastructure and our citizens’ private information that we simply aren’t doing."

In another unsettling example cited in the report, the Government Accountability Office has been warning the IRS about its weak passwords for six years. And at the Nuclear Regulatory Commission (NRC), employees reportedly have so little trust in the IT department that they are buying and deploying their own computers.

"NRC offices have effectively gone rogue," read the report.

Allan Friedman, a cybersecurity researcher at George Washington University and co-author of the book Cybersecurity and Cyberwar: What Everyone Needs to Know, warns that fixing these issues won't be as easy as it sounds.

Government agencies have a tougher time luring workers away from the private sector and, in general, there's a "shortage of cybersecurity talent," Friedman said. Moreover, government agencies can't be as quick in deploying new technology as private companies.

Teaching cybersecurity best practices could help but, at the end of the day, the biggest weakness in the system is always the human who picks a bad password.

"Education it's important but you can never expect every human being to be perfect all the time" Friedman told Mashable.

The full report is embedded below.

Federal Cybersecurity Report (Feb. 4, 2014)

Have something to add to this story? Share it in the comments.