A new security audit of the United States military’s network of ballistic missiles revealed numerous cybersecurity failings, including some vulnerabilities that have been untouched for 28 years, according to a report by the Department of Defense’s inspector general released Friday. Among the long list of loopholes: a lack of data encryption, no antivirus programs, and no multifactor-authentication mechanisms. Without multifactor authentication, employees would be dangerously exposed to hackers who could collect their passwords and give attackers remote or on-premise access to America’s missile arsenal. On top of all those failings, Missile Defense Agency personnel are said to have not challenged auditors who entered buildings without proper badges, and allowed unauthorized personnel to wander around through top-secret buildings. There are 104 active ballistic-missile locations, and plans to build an additional 10. The audit made recommendations that top officials are reported to be reviewing.