CyberSecurity SEE

IT Security Guru: IT Admins Share Responsibility for Weak Password Usage

New research conducted by cybersecurity firm Outpost24 has brought to light a concerning trend among IT administrators when it comes to password security. The analysis, which examined over 1.8 million passwords, revealed that the most popular password among IT administrators was surprisingly “admin,” with over 40,000 entries. This finding sheds light on the continued acceptance of default passwords, raising concerns about the security practices within the IT industry.

This research is particularly relevant in light of recent legislation introduced by various governments aimed at banning the use of default passwords. In the United Kingdom, the government’s Product Security and Telecommunications Infrastructure (PSTI) Bill supports this measure, while the state of California has enacted the default password law (Senate Bill 327). These regulations highlight the growing recognition of the security vulnerabilities associated with default passwords and the importance of stronger password practices.

Default passwords, also known as admin passwords, are preconfigured passwords that are typically associated with the default account of a system, device, or application. They are primarily intended for initial setup and are often widely known or easily accessible through product documentation. Unfortunately, default passwords have become one of the easiest entry points for cyber attackers, making them a significant security risk.

Outpost24 gathered the data for this research using their Threat Intelligence solution, Threat Compass. The data was obtained from credential stealer software, reflecting the rise in organized cybercriminal groups specializing in malware delivery, such as the notorious Traffers teams. With cybercrime becoming increasingly sophisticated, it is crucial for organizations to prioritize robust security practices, including strong password management.

To specifically focus their analysis on administrator passwords, Outpost24 examined the statistical data stored in the backend of Threat Compass for pages identified as Admin portals. Their research uncovered a total of 1.8 million passwords recovered between January and September of 2023. The top three most commonly used admin passwords discovered were “admin,” “1234556,” and “12345678.”

Experts in the field emphasize the importance of administrators steering clear of default passwords and instead opting for unique, lengthy, and strong passwords for each account. It is also advisable to implement additional security measures to enhance password security. These may include multi-factor authentication, password encryption, and regular password updates.

The findings of this research serve as a wake-up call for IT administrators and organizations alike. With cyber threats becoming increasingly sophisticated and prevalent, the security of passwords can no longer be taken for granted. It is crucial for organizations to prioritize the implementation of secure password policies and practices, involving IT administrators in regular training and awareness programs.

In conclusion, Outpost24’s research highlights the concerning prevalence of default passwords among IT administrators, reinforcing the urgent need for stronger password practices. By addressing this issue and adopting robust security measures, organizations can significantly enhance their overall cybersecurity posture and protect themselves against ever-evolving cyber threats.
