Document Type

Conference Proceeding

Publication Date

1-6-2018

Subject: LCSH

Computers--Access control--Passwords, Application software, Computer security

Disciplines

Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security

Abstract

The recent Mirai botnet attack demonstrated the danger of using default passwords and showed it is still a major problem. In this study we investigated several common applications and their password policies. Specifically, we analyzed if these applications: (1) have default passwords or (2) allow the user to set a weak password (i.e., they do not properly enforce a password policy). Our study shows that default passwords are still a significant problem: 61% of applications inspected initially used a default or blank password. When changing the password, 58% allowed a blank password, 35% allowed a weak password of 1 character.

Comments

This is the authors' accepted version of the paper published in Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST). The volume encompasses the proceedings of the 9th EAI International Conference on Digital Forensics & Cyber Crime, October 9-11 in Prague. The version of record for the proceedings volume may be purchased from the Springer web site.

The authors' extended version of the paper is attached below as a supplementary file.

Dr. Baggili was appointed to the University of New Haven’s Elder Family Endowed Chair in 2015.

DOI

10.1007/978-3-319-73697-6_15

Publisher Citation

Knieriem B., Zhang X., Levine P., Breitinger F., Baggili I. (2018) An Overview of the Usage of Default Passwords. In: Matoušek P., Schmiedecker M. (eds) Digital Forensics and Cyber Crime. ICDF2C 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 216, pp. 195-203. Springer, Cham.

Download

Share

COinS