Computers--Access control--Passwords, Application software, Computer security
Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security
The recent Mirai botnet attack demonstrated the danger of using default passwords and showed it is still a major problem. In this study we investigated several common applications and their password policies. Specifically, we analyzed if these applications: (1) have default passwords or (2) allow the user to set a weak password (i.e., they do not properly enforce a password policy). Our study shows that default passwords are still a significant problem: 61% of applications inspected initially used a default or blank password. When changing the password, 58% allowed a blank password, 35% allowed a weak password of 1 character.
Knierem, Brandon; Zhang, Xiaolu; Levine, Philip; Breitinger, Frank; and Baggili, Ibrahim, "An Overview of the Usage of Default Passwords" (2018). Electrical & Computer Engineering and Computer Science Faculty Publications. 69.
Knieriem B., Zhang X., Levine P., Breitinger F., Baggili I. (2018) An Overview of the Usage of Default Passwords. In: Matoušek P., Schmiedecker M. (eds) Digital Forensics and Cyber Crime. ICDF2C 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 216, pp. 195-203. Springer, Cham.