Experts say government employees should be trained to use better security practices that keep passwords safe from social engineering-based attacks.