How Using A Default Password Can Put Your Business At Risk
If it says 'changeme', please take the hint.
The importance of strong passwords should be obvious, yet when it comes to IT hardware an alarming number of people never bother to set a password at all. Instead, they stick with the default password and happily go about using their equipment – completely oblivious to the danger of their inaction.
Users with limited technical knowledge may have routers, for example, with username/password combinations like ‘admin/admin’. Even more worrying, passwords like ‘changeme’ are surprisingly common as well.
These default passwords are needed, because they enable users to initially set up their new equipment and to access configuration options when they have to reset their hardware. For example, if you forget your username and password, you can wipe your device (normally by pressing a physical button), and then use the default password to gain entry to the configuration menus.
But the default password should never be left as it is. It’s not always possible to change the username too, but if it is, that should be amended as well. As ever, the usual methods of creating a strong password apply, including the use of a password manager, if you prefer.
As you can probably guess, the problem with not making these changes is that you risk leaving your IT solutions open to unwanted access. In the case of a router, third parties could get control of your network and get up to all sorts of mischief, from diverting web traffic to dodgy sites to installing malware on your systems.
It’s not just routers that are affected by this, though. Practically any device that uses passwords for security will have a default password built in. Security cameras, for example, that can accessed by their owners over the internet, can also be accessed by just about anyone else who can work out what the password is. And if the password is the default one, it won’t take them very long. People compile comprehensive lists of default logins for all sorts of devices including routers and cameras (all information that can be freely accessed from user manuals anyway), which they then post online. The result is sites like Insecam, where visitors can view the output from hundreds of cameras that are using default passwords.
In a time when cyber crime is becoming more and more of a problem, it’s astonishing to think that people could fail on such a simple security measure as changing a password. What’s more, as the camera feeds at Insecam suggest, many of these devices are located in business premises or in public locations (meaning they’re possibly owned by local authorities). Such organisations should have cyber security right at the top of their priorities.
The moral of the story, of course, is don’t use default login details. Change them as soon as possible. And if you ever find a friend, colleague or family member using default logins, politely explain to them why it’s a bad idea.
What security holes are lurking in your business? Contact us to arrange a free security audit.