Computers--Access control--Passwords, Application software, Computer security
Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security
The recent Mirai botnet attack demonstrated the danger of using default passwords and showed it is still a major problem. In this study we investigated several common applications and their password policies. Specifically, we analyzed if these applications: (1) have default passwords or (2) allow the user to set a weak password (i.e., they do not properly enforce a password policy). Our study shows that default passwords are still a significant problem: 61% of applications inspected initially used a default or blank password. When changing the password, 58% allowed a blank password, 35% allowed a weak password of 1 character.
Knierem, Brandon; Zhang, Xiaolu; Levine, Philip; Breitinger, Frank; and Baggili, Ibrahim, "An Overview of the Usage of Default Passwords" (2017). Electrical & Computer Engineering and Computer Science Faculty Publications. 69.
Brandon Knieriem, Xiaolu Zhang, Philip Levine, Frank Breitinger, and Ibrahim Baggili. An Overview of the Usage of Default Passwords. To appear in Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST): Proceedings of the 9th EAI International Conference on Digital Forensics & Cyber Crime.