Have you ever bought a computer, laptop or tablet and when it comes to the log in username or password, thought it easier just to keep the one that has already been set up by the manufacturer? I mean, they’re the experts, they know what they’re doing when it comes to keeping my device secure…WRONG!
A default password, as they are called, if unchanged, present a serious security risk. These passwords have only been provided as part of the initial setup or after resetting to factory defaults and are most definitely a full-blown cyber security measure.
In fact, it poses such a threat that the government is now proposing a law to make it illegal to ship products with single, universal passwords!
Typical examples of default passwords include admin, password, changeme and guest and are easily found through an internet search making them easy targets for criminals too.
Top 10 user/password combinations being used to try and access a website:
If the username and password of a system are already known, the attacker - whether an outside entity or an internal user - can simply and easily verify this and often with administrative freedom since most default accounts exist for the purpose of initial setup only.
With such critical information at the hands of the cybercriminal, regardless of how secure the system is otherwise, it is now highly vulnerable and at risk. Security configurations can be altered to allow broader access so that new software can be installed, accounts can be created etc. In essence, the administrative login to any system is what most hackers target first!
To protect ourselves, we must disable all default accounts where possible and create unique user accounts with strong credentials and enable two-factor authentication (2FA).
To stay ahead of cyber criminals, sign up for the ECRC membership and speak with a member of the team to determine your current cyber resilience.