Browse Definitions :

default password

What is a default password?

A default password is a standard preconfigured password for a device or software. Such passwords are the default configuration for many devices and, if unchanged, present a serious security risk.

Default passwords are intended to be placeholders and used only for the initial setup of hardware or after a factory reset. The user enters the password and is usually prompted to change it as part of the process, but not always.

Examples of default passwords include admin, password and guest. When vendors use these single default passwords, they can be easily found online through search or on websites that provide compiled lists. This makes them a large security risk if left unchanged.

What are default passwords used for?

Default passwords are commonly used for routers, access points, switches and firewalls. They're also common in embedded systems, industrial control systems (ICS) and remote terminal interfaces.

password hygiene shortcomings
Users often neglect password best practices in numerous ways, according to Ponemon Institute research.

Why are default passwords a security risk?

Left unchanged, default passwords provide an easy attack vector for network equipment; if the owner also connects to a corporate network, that risk extends to the business as well. An attacker who logs into a device successfully is likely to have administrative-level access. This gives them complete control over the device and any connected networks.

The risk is also severe with embedded systems and ICS security because these environments weren't originally intended to be accessible over the internet. However, given today's IoT environments, almost anything can be made available via an internet connection, and while there are many benefits to IoT connectivity, enhanced security isn't among them.

How can default passwords be mitigated?

Default passwords are a well-known security risk that can easily be mitigated by changing them to strong, unique ones.

This should be done for every device on a network, including routers, switches and access points. For more sensitive devices, such as those used in ICS security or supervisory control and data acquisition (SCADA), it's also important to change the default username.

What are the characteristics of a strong password?

The following are some characteristics of a strong password:

  • at least 8 characters long;
  • a mix of upper and lowercase letters, numbers and symbols;
  • not a dictionary word or a word that's easily guessed;
  • changed regularly; and
  • not reused on other accounts.
password vs. passphrase
Converting a common passphrase such as I have 2 Labrador retrievers! Fido and Spot into Ih2Lr!F+S is not only easy to remember, but more secure and harder to hack.

How should passwords be stored?

Passwords should be stored in a password manager. This is a piece of software that stores passwords securely, encrypting them so that they can only be accessed with a master password. A password manager can generate strong passwords and help manage different ones for various accounts.

When choosing a password manager, look for one that offers two-factor authentication (2FA) or multi-factor authentication (MFA).

As mentioned above, this adds an extra layer of security by requiring the user to confirm their identity with a second factor, such as a fingerprint, PIN or one-time code sent to their phone.

Learn how to prevent password attacks and other unauthorized threats, discover the top cybersecurity best practices to protect your business and explore five important password hygiene tips and best practices.

This was last updated in October 2022

Continue Reading About default password

  • CSU/DSU (Channel Service Unit/Data Service Unit)

    A CSU/DSU (Channel Service Unit/Data Service Unit) is a hardware device about the size of a modem. It converts a digital data ...

  • data streaming

    Data streaming is the continuous transfer of data from one or more sources at a steady, high speed for processing into specific ...

  • secure access service edge (SASE)

    Secure access service edge, also known as SASE and pronounced sassy, is a cloud architecture model that bundles network and ...

  • recruitment process outsourcing (RPO)

    Recruitment process outsourcing (RPO) is when an employer turns the responsibility of finding potential job candidates over to a ...

  • human resources (HR) generalist

    A human resources generalist is an HR professional who handles the daily responsibilities of talent management, employee ...

  • employee lifecycle

    The employee lifecycle is a human resources model that identifies the different stages a worker advances through in an ...

Customer Experience
  • Adobe Experience Platform

    Adobe Experience Platform is a suite of customer experience management (CXM) solutions from Adobe.

  • virtual assistant (AI assistant)

    A virtual assistant, also called an AI assistant or digital assistant, is an application program that understands natural ...

  • inbound marketing

    Inbound marketing is a strategy that focuses on attracting customers, or leads, via company-created internet content, thereby ...