It seems that even IT admins, who should know better, aren’t using strong passwords to secure their portals.
Research from cybersecurity firm Outpost24 has found that out of close to two million admin passwords, over 40,000 of them were simply ‘admin’, a common default password that is supposed to be changed after initial access.
The credentials the firm gathered came from leaks via infostealing malware used by bad actors. Although many of these passwords were not stored in plain text, it said that it was able to guess them quite easily.
Easy cracking
Outpost24 found that there were plenty of other weak passwords besides ‘admin’ and its variations too, including ‘123456’ (and other similar numerical sequences), ‘Password’, and ‘demo’.
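The kind of check behind the "not stored in plain text, but easily guessed" finding is a credential audit: hash each entry from a short list of known-weak passwords with an account's own salt and compare it with the stored digest. The following is an added defender's example, not Outpost24's tooling or code from the report; the credential store, the fixed salts and the toy salted-SHA-256 scheme are all constructed for the example, and the weak list is seeded only with the passwords the article names plus ascending digit runs.

```python
import hashlib
import hmac

# Constructed weak-password seed list, built from the examples the article names.
WEAK_SEED = ["admin", "Admin", "admin123", "Password", "password", "demo"]


def digit_sequences(min_len: int = 4, max_len: int = 9) -> list:
    """Ascending digit runs such as '1234' ... '123456789'; covers '123456' and its relatives."""
    digits = "123456789"
    return [digits[:n] for n in range(min_len, max_len + 1)]


def weak_list() -> list:
    """Full candidate list used by the audit."""
    return WEAK_SEED + digit_sequences()


def hash_password(password: str, salt: bytes) -> str:
    """Toy salted SHA-256 used by the constructed store; a production store would use a slow KDF."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def audit_store(store: dict, candidates=None) -> dict:
    """Flag accounts whose stored hash matches a known-weak password under that account's salt.

    store maps account -> (salt, hex_digest). Returns {account: matched_password}.
    """
    candidates = list(candidates) if candidates is not None else weak_list()
    findings = {}
    for account, (salt, stored) in store.items():
        for candidate in candidates:
            if hmac.compare_digest(hash_password(candidate, salt), stored):
                findings[account] = candidate
                break
    return findings


def reuse_groups(findings: dict) -> dict:
    """Group accounts that resolved to the same weak password (reuse across accounts)."""
    groups = {}
    for account, password in findings.items():
        groups.setdefault(password, []).append(account)
    return {pw: accts for pw, accts in groups.items() if len(accts) > 1}


def build_sample_store() -> dict:
    """Constructed sample credential store with fixed salts so the result is reproducible."""
    entries = {
        "portal-admin": (b"salt-01", "admin"),
        "backup-admin": (b"salt-02", "admin"),
        "dev-admin": (b"salt-03", "123456"),
        "ops-admin": (b"salt-04", "correct horse battery staple 7!"),
    }
    return {acct: (salt, hash_password(pw, salt)) for acct, (salt, pw) in entries.items()}


if __name__ == "__main__":
    store = build_sample_store()
    found = audit_store(store)
    for account, pw in found.items():
        print(f"{account}: weak password {pw!r}")
    for pw, accts in reuse_groups(found).items():
        print(f"{pw!r} reused by {', '.join(accts)}")
    share = 100 * len(found) / len(store)
    print(f"{len(found)} of {len(store)} accounts ({share:.0f}%) use a known-weak password")
```

Run against the constructed store it flags three of four accounts and reports that two of them share "admin"; pointed at a real export of salted digests, the same loop reproduces the article's headline figure for your own estate, and the per-salt hashing is what makes the check work even when no plaintext is stored.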
Admin portals could be valuable to threat actors, as they could contain configuration and security settings, or allow access to customer info and large databases.
The story is an all too familiar one. Numerous studies have found that when people are left to their own devices to create passwords, they routinely use the weakest ones possible, for the sake of convenience.
For instance, Keeper Security found that out of the 8,000 users it surveyed, three-quarters didn’t follow the recommended password guidelines, with two thirds using weak or the same password across various accounts.
In its recommendations for staying safe, Outpost24 says organizations should use endpoint protection and a detection and response solution, as well as disabling password saving and autofill in web browsers. They should also double-check domain names when they are redirected to different pages to make sure they are genuine.
Using one of the best business password manager solutions can also be a huge benefit for firms, allowing strong and unique passwords to be created with ease, and stored securely in a cloud vault that can be managed by admins to grant or restrict access to employees as required.