Browse Definitions :
Definition

unique default password

Contributor(s): Matthew Haughn

A unique default password is a pre-configured password that is specific to a single device and often printed on a sticker on the device.

Many devices are configured with default passwords that are simple and easy to discover. If unchanged they present a serious security risk for many devices including routers, access points, switches,  firewalls, embedded systems and industrial control systems (ICS). Default passwords are provided by vendors online; many websites also offer compiled lists of default passwords.

Default passwords should be changed the first time they are used but too often that security measure is overlooked. Unique default passwords can provide more security, although that depends on what type of system is used. Randomly generated unique passwords are secure, as long as they aren’t made publicly available.

Unique default passwords also make it simpler and more secure for a user to return a device to default settings. The fact that the password is printed on the device makes it easy for the owner to find it but also ensures that it should only be accessible to someone in the physical location of the hardware.

Some manufacturers have used a sequence of characters from the MAC address or subjected the MAC address to a common algorithm, which negates any security benefit because although the password is unique, it is easily discovered. In the case of a Wi-Fi access point, for example, the MAC address is broadcast, so if the password is based on that, it becomes easily available.

This was last updated in August 2016

Continue Reading About unique default password

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • data governance policy

    A data governance policy is a documented set of guidelines for ensuring that an organization's data and information assets are ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

SearchSecurity

  • Advanced Encryption Standard (AES)

    The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified ...

  • intrusion detection system (IDS)

    An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such ...

  • Secure Shell (SSH)

    SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system ...

SearchHealthIT

SearchDisasterRecovery

SearchStorage

  • cache memory

    Cache memory, also called CPU memory, is high-speed static random access memory (SRAM) that a computer microprocessor can access ...

  • capacity management

    Capacity management is the broad term describing a variety of IT monitoring, administration and planning actions that are taken ...

  • cloud storage

    Cloud storage is a service model in which data is transmitted and stored on remote storage systems, where it is maintained, ...

Close