Change Default Passwords
Default passwords, the built in passwords designed into your system by the vendor, are an easy route in to your systems by hackers. They are not secret so easily targeted by hackers. Default passwords should always be changed.
What are default passwords?
Default passwords are the user ID/password pairs that are preinstalled into an operating system, database or software by the vendor. The same user ID and password is used across all copies of a version of software. They can be easily found in product documentation and lists available on the internet so present a huge security risk.
Attackers can easily obtain default passwords and identify internet-connected target systems. With knowledge of the password and network access to a system the attacker can log in, usually with root or administrative privileges.
Change default passwords
All default vendor-supplied passwords that come with any system or software should be changed before deployment. Pay particular attention to essential infrastructure devices such as routers, wireless access points, and firewalls. Vendors can provide guidance on how to change them.
Carry out a regular check of system devices and software, specifically to look for unchanged default passwords.