Default password

Where a device needs a username and/or password to log in, a default password is usually provided that allows the device to be accessed during its initial setup, or after resetting to factory defaults.

Manufacturers of such equipment typically use a simple password, such as admin or password on all equipment they ship, in the expectation that users will change the password during configuration. The default username and password is usually found in the instruction manual (common for all devices) or on the device itself.

Default passwords are one of the major contributing factors to large-scale compromises of home routers.[1] Leaving such a password on devices available to the public is a huge security risk.[2]

Some devices (such as wireless routers) will come with unique default passwords printed on a sticker, which is more secure option than a common default password. Some vendors will however derive the password from the device's MAC address using a known algorithm, in which case the password can be also easily reproduced by attackers.[3]

See also

References

  1. "Owning Your Home Network: Router Security Revisited" (PDF). Arxiv.org.
  2. "The Risk of Default Passwords". Security Laboratory: Methods of Attack Series. SANS. Retrieved June 16, 2015.
  3. "Reversing D-Link’s WPS Pin Algorithm". Embedded Device Hacking. 31 October 2014. Retrieved June 16, 2015.

External links

Examples of default password databases:

This article is issued from Wikipedia - version of the Saturday, June 27, 2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.