Admins everywhere are making this really basic password security mistake

Password Security
Bästa tjänsterna för lösenordshantering (Image credit: Shutterstock)

It seems that even IT admins, who should know better, aren't even using strong passwords to secure portals. 

Research from cybersecurity firm Outpost24 has found that out of close to two million admin passwords, over 40,000 of them were simply 'admin', a common default password that is supposed to be changed after initial access.

The credentials the firm gathered came from leaks via infostealing malware used by bad actors. Although many of these passwords were not stored in plain text, it said that it was able to guess them quite easily.

Easy cracking

Outpost24 found that there were plenty of other weak passwords besides 'admin' and its variations too, including '123456' (and other similar numerical sequences), 'Password', and 'demo'.

Admin portals could be valuable to threat actors, as they could contain configuration and security settings, or allow access to customer info and large databases.

The story is an all too familar one. Numerous studies have found that when people are left to their own devices to create passwords, they routinely use the weakest ones possible, for the sake of convenience.

For instance, Keeper Security found that out of the 8,000 users it surveyed, three-quarters didn't follow the recommended password guidelines, with two thirds using weak or the same password across various accounts.

In its recommendations for staying safe, Outpost24 says organizations should use endpoint protection and a detection response solution, as well as disabling password saving and autofill in web browsers. They should also double check domain names when they are being redirected to different pages to make sure they are genuine.

Using one of the best business password manager solutions can also be a huge benefit for firms, allowing strong and unique passwords to be created with ease, and stored securely in a cloud vault that can be managed by admins to grant or restrict access to employees as required.

MORE FROM TECHRADAR PRO

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Read more
Cartoon Phishing
Over a billion credentials stolen were stolen in malware attacks in 2024
password manager
I'm a security expert - here are my biggest tips for creating a secure password for work and home life to stay safe online
Young woman working at a coffee shop with a laptop
Too many passwords, not enough brain space? Here’s how password managers can improve your life
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Passwordless authentication continues to grow, with biometrics helping push adoption
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
A hand laying out a password
Security attacks on password managers have soared
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Google Pixel 9
The Google Pixel 10 just showed up in Android code – and may come with a useful speed boost
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
A Lego Pikachu tail next to a Pebble OS watch and a screenshot of Assassin's Creed Shadow
ICYMI: the week's 7 biggest tech stories from LG's excellent new OLED TV to our Assassin's Creed Shadow review
Samuel and Romy standing very close together in A24's Babygirl movie
Everything new on Max in April 2025, including A24's Babygirl and The Last of Us season 2
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
AMD’s secret weapon against Nvidia seems to be stock – way more RX 9070 GPUs are rumored to be hitting shelves than RTX 5000 models