Have you ever bought a computer, laptop or other ‘Internet of Things’ device and when it comes to the log in username or password, thought it easier just to keep the one that has already been set up by the manufacturer? I mean, they’re the experts, they know what they’re doing when it comes to keeping my device secure…WRONG!
A default password, as they are called, if unchanged, presents a serious security risk. These passwords have only been provided as part of the initial setup or after resetting to factory defaults and are most definitely a full-blown cyber security measure. And it’s not just computers and laptops, it’s your Wi-Fi routers, home CCTV systems and other smart devices that come with pre-set passwords.
In fact, it poses such a threat that the government is now proposing a law to make it illegal to ship products with single, universal passwords!
Typical examples of default passwords include admin, password, changeme and guest and are easily found through an internet search making them easy targets for criminals too. Many can be found with a simple internet search.
Top 10 user/password combinations being used to try and access a website
If the username and password of a system can be accessed by an attacker easily, regardless of how secure the system is otherwise, it is now highly vulnerable and at risk. Once in, the cyber criminal can alter all security configurations to allow the infiltration of new software and you could now face a huge data breach. This is why the administrative login to any system is what most hackers target first!
To protect yourselves you can:
1. Change all default passwords before you start using the device.
2. Carry out a regular check of system devices and software, specifically to look for unchanged default passwords.
3. Prioritise essential infrastructure devices.
To stay ahead of cyber criminals, sign up for the WCRC membership and speak with a member of the team to determine your current cyber resilience.