Where a device needs a username and/or password to log in, a default password is usually provided that allows the device to be accessed during its initial setup, or after resetting to factory defaults.
Manufacturers of such equipment typically use a simple password, such as "admin" or "password", on all equipment they ship, in the expectation that users will change the password during configuration. The default username and password are usually found in the instruction manual (common for all devices) or on the device itself.
Default passwords are one of the major contributing factors to large-scale compromises of home routers. Leaving such a password on devices available to the public is a huge security risk.
Some devices (such as wireless routers) will come with unique default router usernames and passwords printed on a sticker, which is a more secure option than a common default password. Some vendors will however derive the password from the device's MAC address using a known algorithm, in which case the password can also be easily reproduced by attackers.
[Reversing D-Link's WPS Pin Algorithm. Embedded Device Hacking, 31 October 2014. http://www.devttys0.com/2014/10/reversing-d-links-wps-pin-algorithm/ (accessed June 16, 2015).]
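The following is an added example, not part of the original article: a provisioning-time check that rejects a label password if it is a shared default or can be recomputed from the device's MAC address, next to a generator for unique passwords that have no relation to the MAC. The derivations in `mac_candidates`, the inventory and all function names are hypothetical and do not reproduce any vendor's algorithm.

```python
import hashlib
import secrets
import string

# Passwords the article names as typical shared defaults.
COMMON_DEFAULTS = {"admin", "password"}

def mac_candidates(mac: str) -> set:
    """Values anyone who sees the MAC can compute (hypothetical derivations,
    not any vendor's real algorithm)."""
    hexmac = "".join(c for c in mac.lower() if c in string.hexdigits)
    digest = hashlib.sha256(hexmac.encode()).hexdigest()
    base = {hexmac, hexmac[-6:], hexmac[-8:], digest[:8], digest[:12]}
    return base | {v.upper() for v in base}

def classify(mac: str, password: str) -> str:
    """Return 'shared-default', 'mac-derived' or 'ok' for one device."""
    if password.lower() in COMMON_DEFAULTS:
        return "shared-default"
    if password in mac_candidates(mac):
        return "mac-derived"
    return "ok"

def unique_password(length: int = 12) -> str:
    """Per-device password from the OS CSPRNG; unrelated to the MAC."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed inventory: (MAC address, password printed on the label).
INVENTORY = [
    ("00:11:22:AA:BB:01", "admin"),
    ("00:11:22:AA:BB:02", "AABB02"),
    ("00:11:22:AA:BB:03", hashlib.sha256(b"001122aabb03").hexdigest()[:8]),
    ("00:11:22:AA:BB:04", unique_password()),
]

def audit(inventory):
    """Classify every (mac, password) pair in the inventory."""
    return [(mac, classify(mac, pw)) for mac, pw in inventory]

if __name__ == "__main__":
    for mac, verdict in audit(INVENTORY):
        print(mac, verdict)
```

The check only covers the derivations it lists; a password is safe from this class of problem only when, as in `unique_password`, it is generated independently of any identifier the device exposes.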
Default access
To access internet-connected devices on a network, a user must know its default IP address. Manufacturers typically use 192.168.1.1, and also 10.0.0.1, as the default router's IP address; however, some will have variations on this. Similarly to login details, leaving this unchanged can lead to security issues.
See also
* Backdoor (computing)
* Internet of things
* Cyber-security regulation