It seems that even IT administrators, who should know better, don’t even use strong passwords to secure portals.
Research from cybersecurity firm Outpost24 found that of nearly two million administrator passwords, more than 40,000 were simply “admin,” a common default password that must be changed after initial access.
The credentials the company collected came from leaks via information-stealing malware used by malicious actors. Although many of these passwords were not stored in plain text, the program was able to guess them quite easily.
Easy to crack
Outpost24 discovered that there were numerous other weak passwords besides ‘admin’ and its variants, including ‘123456’ (and other similar numeric strings), ‘Password’ and ‘demo’.
Management portals can be valuable to threat actors because they can contain configuration and security settings, or provide access to customer information and large databases.
The story is all too familiar. Numerous studies have shown that when people are left to their own devices to create passwords, they routinely use the weakest possible passwords for convenience.
For example, Keeper Security found that of the 8,000 users surveyed, three-quarters did not follow recommended password guidelines, while two-thirds used a weak or the same password for different accounts.
In its recommendations to stay safe, Outpost24 says organizations should use endpoint protection and a detection response solution, as well as disable password saving and web browser autofill. They should also double-check domain names when redirecting them to different pages to make sure they are real.
Using one of the best business password management solutions can also be a great benefit to businesses, as strong and unique passwords can be easily created and stored securely in a cloud vault that can be managed by administrators to grant or deny employee access. to limit. required.