Admins everywhere are making this really basic password security mistake

News
By published

Guess which passwords they're using?

Password Security
Bästa tjänsterna för lösenordshantering (Image credit: Shutterstock)

It seems that even IT admins, who should know better, aren't even using strong passwords to secure portals. 

Research from cybersecurity firm Outpost24 has found that out of close to two million admin passwords, over 40,000 of them were simply 'admin', a common default password that is supposed to be changed after initial access.

The credentials the firm gathered came from leaks via infostealing malware used by bad actors. Although many of these passwords were not stored in plain text, it said that it was able to guess them quite easily.

Easy cracking

Outpost24 found that there were plenty of other weak passwords besides 'admin' and its variations too, including '123456' (and other similar numerical sequences), 'Password', and 'demo'.

Admin portals could be valuable to threat actors, as they could contain configuration and security settings, or allow access to customer info and large databases.

The story is an all too familar one. Numerous studies have found that when people are left to their own devices to create passwords, they routinely use the weakest ones possible, for the sake of convenience.

For instance, Keeper Security found that out of the 8,000 users it surveyed, three-quarters didn't follow the recommended password guidelines, with two thirds using weak or the same password across various accounts.

In its recommendations for staying safe, Outpost24 says organizations should use endpoint protection and a detection response solution, as well as disabling password saving and autofill in web browsers. They should also double check domain names when they are being redirected to different pages to make sure they are genuine.

Using one of the best business password manager solutions can also be a huge benefit for firms, allowing strong and unique passwords to be created with ease, and stored securely in a cloud vault that can be managed by admins to grant or restrict access to employees as required.

MORE FROM TECHRADAR PRO

Lewis Maddison
Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he gained experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.