Admins everywhere are making this really basic password security mistake

News
By published

Guess which passwords they're using?

Password Security
Bästa tjänsterna för lösenordshantering (Image credit: Shutterstock)

It seems that even IT admins, who should know better, aren't even using strong passwords to secure portals. 

Research from cybersecurity firm Outpost24 has found that out of close to two million admin passwords, over 40,000 of them were simply 'admin', a common default password that is supposed to be changed after initial access.

The credentials the firm gathered came from leaks via infostealing malware used by bad actors. Although many of these passwords were not stored in plain text, it said that it was able to guess them quite easily.

Easy cracking

Outpost24 found that there were plenty of other weak passwords besides 'admin' and its variations too, including '123456' (and other similar numerical sequences), 'Password', and 'demo'.

Admin portals could be valuable to threat actors, as they could contain configuration and security settings, or allow access to customer info and large databases.

The story is an all too familar one. Numerous studies have found that when people are left to their own devices to create passwords, they routinely use the weakest ones possible, for the sake of convenience.

For instance, Keeper Security found that out of the 8,000 users it surveyed, three-quarters didn't follow the recommended password guidelines, with two thirds using weak or the same password across various accounts.

In its recommendations for staying safe, Outpost24 says organizations should use endpoint protection and a detection response solution, as well as disabling password saving and autofill in web browsers. They should also double check domain names when they are being redirected to different pages to make sure they are genuine.

Using one of the best business password manager solutions can also be a huge benefit for firms, allowing strong and unique passwords to be created with ease, and stored securely in a cloud vault that can be managed by admins to grant or restrict access to employees as required.

MORE FROM TECHRADAR PRO

Lewis Maddison
Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Read more
Cartoon Phishing
Over a billion credentials stolen were stolen in malware attacks in 2024
password manager
I'm a security expert - here are my biggest tips for creating a secure password for work and home life to stay safe online
Young woman working at a coffee shop with a laptop
Too many passwords, not enough brain space? Here’s how password managers can improve your life
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Passwordless authentication continues to grow, with biometrics helping push adoption
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
A hand laying out a password
Security attacks on password managers have soared
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Google Pixel 9
The Google Pixel 10 just showed up in Android code – and may come with a useful speed boost
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
A Lego Pikachu tail next to a Pebble OS watch and a screenshot of Assassin's Creed Shadow
ICYMI: the week's 7 biggest tech stories from LG's excellent new OLED TV to our Assassin's Creed Shadow review
Samuel and Romy standing very close together in A24's Babygirl movie
Everything new on Max in April 2025, including A24's Babygirl and The Last of Us season 2
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
AMD’s secret weapon against Nvidia seems to be stock – way more RX 9070 GPUs are rumored to be hitting shelves than RTX 5000 models
More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)

This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Logitech Pro Racing Wheel for PlayStation

Whether on your desk or in a racing rig, the Logitech G Pro Racing Wheel will satisfy your craving for realistic racing
See more latest
Most Popular
A bloodied Mark staring at an off-screen Helly as Gemma screams at him from behind an exit door in Severance season 2 episode 10
Severance season 3: everything we know so far about the wildly popular Apple TV+ show's next chapter
Nvidia DGX Spark AI supercomputer
Project Digits is now DGX Spark: Nvidia raises its price by 33% as HPE, Dell jump on Petaflop mini AI bandwagon
ChatGPT workout
I use ChatGPT to hit my fitness and exercise goals – here are 7 prompts to help you get in shape using AI
Google Pixel 9
The Google Pixel 10 just showed up in Android code – and may come with a useful speed boost
The AmpereOne CPU
Softbank set to buy Ampere Computing for $6.5 billion and could integrate it with Arm and Graphcore
A Lego Pikachu tail next to a Pebble OS watch and a screenshot of Assassin's Creed Shadow
ICYMI: the week's 7 biggest tech stories from LG's excellent new OLED TV to our Assassin's Creed Shadow review
A SCUBA Diver Checks An Undersea Cable
Startup wants to mitigate risk of state-actor underwater fibre optic cable sabotage by using a decades-old technique
Nvidia Quantum-X and Spectrum-X Silicon Photonics
Nvidia is planning post-copper 1.6Tbps network tech to connect millions of GPUs as it unveils photonics networking gear at GTC 2025
Uperfect 23.8-inch dual foldable display
This is the largest dual-screen monitor I've ever seen, and at almost 24 inches each, it's bigger than a 43-inch super wide display
Apple Mac Studio
Apple Mac Studio M3 Ultra workstation can run Deepseek R1 671B AI model entirely in memory using less than 200W, reviewer finds