401

Over 40,000 admin portal accounts use 'admin' as a password (www.bleepingcomputer.com)

submitted 8 months ago by L4s@lemmy.world to c/technology@lemmy.world

46 comments fedilink hide all child comments

Over 40,000 admin portal accounts use 'admin' as a password::Security researchers found that IT administrators are using tens of thousands of weak passwords to protect access to portals, leaving the door open to cyberattacks on enterprise networks.

all 47 comments

sorted by: hot top controversial new old

[-] keesrif@lemmy.world 64 points 8 months ago

I find their statements a bit on the sweeping side.

Out of more than 1.8 million administrator credentials analyzed, over 40,000 entries were “admin,” showing that the default password is widely accepted by IT administrators.

That's just over 2 percent. "Widely accepted" in my book is a much larger percentage..

[-] Voltage808s@kerala.party 10 points 8 months ago

I guess its in comparison to other common passwords

[-] phx@lemmy.ca 5 points 8 months ago

2% is plenty enough to get a lot of orgs malwared. What gets me is the number of orgs that just have administrative systems internet-facing. That's the first fail

[-] smileyhead@discuss.tchncs.de 47 points 8 months ago

She was a qwerty1 girl. He was a θⰼ💑ꙩ׳Ͳ📢🦀ԉ꠷ᵭϊ⒁㇃⛭🨪ǘ⭝ᴎІ"⚌⪆㉑┦🨰꒕𝌾㇀🤃Ȁ guy.

[-] KrokanteBamischijf@feddit.nl 8 points 8 months ago

Yikes, imagine not using a password manager on that. That's some next-level numpad skills.

[-] motor_spirit@lemmy.world 2 points 8 months ago

comin in hot ddr style

[-] NHishimachi@lemmy.world 1 points 8 months ago

I like this comment.

[-] MaxVoltage@lemmy.world -4 points 8 months ago

😂 😂 😂

[-] robocall@lemmy.world 34 points 8 months ago

upgrade to, "Admin1!"

[-] scottywh@lemmy.world 26 points 8 months ago

hunter2

[-] AnarchoDakosaurus@toast.ooo 23 points 8 months ago

What does this say? All I can see is *******

[-] scottywh@lemmy.world 10 points 8 months ago

Wait... Did I type hunter2...

You can only see the stars right?

[-] jmd_akbar@aussie.zone 13 points 8 months ago

Yup... I only see the stars -

Wait... Did I type *******...

You're definitely good there. :)

[-] scottywh@lemmy.world 4 points 8 months ago

😂

[-] ShunkW@lemmy.world 8 points 8 months ago

I think I can say this now because it's been 10 years. But in one of my old jobs, I set a new windows administrator password for all assets across the organization. Previously it was 8 characters with a known word with an exclamation point added at the end.

I got the approval to set a new password that would be secure but easy to remember for the IT guys that would be using it on a daily basis. They complained about my first two choices, so I said fuck it and changed it to F0rH315ThEKwi$atzHad3rach!

I could remember it just fine. Still do to this day lol. They complained about a 14 character password before and I was tired of trying to get them on board.

As soon as I left for greener pastures, I heard they changed the password to something easy again. Oh well, not my problem anymore.

[-] kambusha@feddit.ch 14 points 8 months ago

For he is the kwisatzhaderach?

[-] ShunkW@lemmy.world 5 points 8 months ago

Yeah, a reference to Dune. I had just re-read the first three books and it came to me.

[-] toma@lemmy.omat.nl 2 points 8 months ago

Didn’t you work at NASA ?

[-] ShunkW@lemmy.world 4 points 8 months ago

No? Not sure where you got that from lol.

[-] FlyingSquid@lemmy.world 29 points 8 months ago

That's amazing! That's the same password I have on my luggage!

[-] lando55@lemmy.world 7 points 8 months ago

I'm surrounded by assholes!

[-] FlyingSquid@lemmy.world 3 points 8 months ago

Keep firing, Assholes!

[-] pdxfed@lemmy.world 2 points 8 months ago

Always work that into any discussion around passwords to find out who the kindred souls are in the room. Either instant smiles or awkward pauses, so good to sort the chaff from the wheat.

[-] ConsumptionOne@sopuli.xyz 23 points 8 months ago

1qaz2wsx!QAZ@WSX gang checking in.

[-] Rai@lemmy.dbzer0.com 2 points 8 months ago

I’m more of a

“thiS is the time to make a pa55word time?!”

kinda person.

[-] hansl@lemmy.world 2 points 8 months ago

`It’s p4sswording time!”

[-] Kbobabob@lemmy.world 17 points 8 months ago

There not really much in the article but i know a lot of stuff gets shipped with admin/admin. A lot of manufacturers are starting to ship with secure passwords and a requirement to make one on first boot.

[-] MaxVoltage@lemmy.world -3 points 8 months ago

😂

[-] maeries@feddit.de 14 points 8 months ago

Researcher just found long ago that Mb2.r5oHf-0t is the most secure Passwort. Therefore everyone should use it

[-] jaykay@lemmy.zip 14 points 8 months ago

Thank god my is qwerty123

[-] lemmyvore@feddit.nl 14 points 8 months ago

Yeah, and my password may be "admin" but the username is not, check mate scientists!

[-] Ddhuud@lemmy.world 11 points 8 months ago* (last edited 8 months ago)

I worked for an organization that was pawned by ransomware. That administered around 4500 Windows PCs. All and every one of them had an admin account that was "adminarea" and the password was "areaadmin"

[-] MeekerThanBeaker@lemmy.world 10 points 8 months ago

Majority of those accounts are probably used on portals for printer/copiers.

[-] ____@infosec.pub 3 points 8 months ago

And no doubt for a bunch of off-brand internet-connected cameras. Or, those are just totally open to the whole world. Glad to see Shodan is still up... Though I'd hoped some mfg would change their practices once it became obvious no one changes the default.

[-] banneryear1868@lemmy.world 9 points 8 months ago

Pretty sure it's a lot more than 40k

[-] HurlingDurling@lemm.ee 8 points 8 months ago

Gibson gang checking in with password "GOD"

[-] uriel238@lemmy.blahaj.zone 3 points 8 months ago

I assumed after Hackers came out every sysop would practice better password hygiene.

Shows what I know.

[-] MaxVoltage@lemmy.world -3 points 8 months ago

😂

[-] csolisr@communities.azkware.net 5 points 8 months ago

There is a chance that I once used the user 'admin' with the password ' istrator' for the laughs.

[-] MonkderZweite@feddit.ch 4 points 8 months ago

My providers router has the username locked as 'Admin'. They are pretty decent otherwise.

[-] hansl@lemmy.world 6 points 8 months ago

Meh. Username shouldn’t matter anyway. Make sure the password is secure (and stored securely).

I had a loaned ISP router in the early naughts that I couldn’t change the admin password, but it was the same for all their boxes and someone posted it on my bulletin board. I changed it as soon as I could, but the techs were furious. Whatever man, I’m not letting anyone take control of my LAN because you can’t figure this shit out.

[-] art@lemmy.world 4 points 8 months ago

That's amazing! I've got the same combination on my luggage!

this post was submitted on 19 Oct 2023

401 points (97.9% liked)

Technology

55693 readers

2651 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS