Browse Definitions :

default password

What is a default password?

A default password is a standard preconfigured password for a device or software. Such passwords are the default configuration for many devices and, if unchanged, present a serious security risk.

Default passwords are intended to be placeholders and used only for the initial setup of hardware or after a factory reset. The user enters the password and is usually prompted to change it as part of the process, but not always.

Examples of default passwords include admin, password and guest. When vendors use these single default passwords, they can be easily found online through search or on websites that provide compiled lists. This makes them a large security risk if left unchanged.

What are default passwords used for?

Default passwords are commonly used for routers, access points, switches and firewalls. They're also common in embedded systems, industrial control systems (ICS) and remote terminal interfaces.

password hygiene shortcomings
Users often neglect password best practices in numerous ways, according to Ponemon Institute research.

Why are default passwords a security risk?

Left unchanged, default passwords provide an easy attack vector for network equipment; if the owner also connects to a corporate network, that risk extends to the business as well. An attacker who logs into a device successfully is likely to have administrative-level access. This gives them complete control over the device and any connected networks.

The risk is also severe with embedded systems and ICS security because these environments weren't originally intended to be accessible over the internet. However, given today's IoT environments, almost anything can be made available via an internet connection, and while there are many benefits to IoT connectivity, enhanced security isn't among them.

How can default passwords be mitigated?

Default passwords are a well-known security risk that can easily be mitigated by changing them to strong, unique ones.

This should be done for every device on a network, including routers, switches and access points. For more sensitive devices, such as those used in ICS security or supervisory control and data acquisition (SCADA), it's also important to change the default username.

What are the characteristics of a strong password?

The following are some characteristics of a strong password:

  • at least 8 characters long;
  • a mix of upper and lowercase letters, numbers and symbols;
  • not a dictionary word or a word that's easily guessed;
  • changed regularly; and
  • not reused on other accounts.
password vs. passphrase
Converting a common passphrase such as I have 2 Labrador retrievers! Fido and Spot into Ih2Lr!F+S is not only easy to remember, but more secure and harder to hack.

How should passwords be stored?

Passwords should be stored in a password manager. This is a piece of software that stores passwords securely, encrypting them so that they can only be accessed with a master password. A password manager can generate strong passwords and help manage different ones for various accounts.

When choosing a password manager, look for one that offers two-factor authentication (2FA) or multi-factor authentication (MFA).

As mentioned above, this adds an extra layer of security by requiring the user to confirm their identity with a second factor, such as a fingerprint, PIN or one-time code sent to their phone.

Learn how to prevent password attacks and other unauthorized threats, discover the top cybersecurity best practices to protect your business and explore five important password hygiene tips and best practices.

This was last updated in October 2022

Continue Reading About default password

  • network traffic

    Network traffic is the amount of data that moves across a network during any given time.

  • dynamic and static

    In general, dynamic means 'energetic, capable of action and/or change, or forceful,' while static means 'stationary or fixed.'

  • MAC address (media access control address)

    A MAC address (media access control address) is a 12-digit hexadecimal number assigned to each device connected to the network.

  • security information and event management (SIEM)

    Security information and event management (SIEM) is an approach to security management that combines security information ...

  • Evil Corp

    Evil Corp is an international cybercrime network that uses malicious software to steal money from victims' bank accounts and to ...

  • Trojan horse

    In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, ...

  • green IT (green information technology)

    Green IT (green information technology) is the practice of creating and using environmentally sustainable computing.

  • benchmark

    A benchmark is a standard or point of reference people can use to measure something else.

  • spatial computing

    Spatial computing broadly characterizes the processes and tools used to capture, process and interact with 3D data.

  • employee self-service (ESS)

    Employee self-service (ESS) is a widely used human resources technology that enables employees to perform many job-related ...

  • learning experience platform (LXP)

    A learning experience platform (LXP) is an AI-driven peer learning experience platform delivered using software as a service (...

  • talent acquisition

    Talent acquisition is the strategic process employers use to analyze their long-term talent needs in the context of business ...

Customer Experience
  • BOPIS (buy online, pick up in-store)

    BOPIS (buy online, pick up in-store) is a business model that allows consumers to shop and place orders online and then pick up ...

  • real-time analytics

    Real-time analytics is the use of data and related resources for analysis as soon as it enters the system.

  • database marketing

    Database marketing is a systematic approach to the gathering, consolidation and processing of consumer data.