Key Takeaways
- Changing default passwords is crucial for security to prevent easy access for hackers.
- The UK is banning devices with guessable default passwords to reduce hacking and botnet risks.
- Check for randomized default passwords on devices or change them to stronger ones to enhance security globally.
How often do you change the default passwords on your network-enabled devices? If you don’t bother with setting a new password, you may be putting your security at risk. The UK has banned the sale of devices with guessable default passwords, but even if you don’t live there, it’s well worth changing your default passwords to ensure your devices can’t be cracked.
What Is a Default Password?
When you purchase a device that can be accessed via your network, it usually comes with a default username and password. This is meant to be a placeholder account that you use during the setup to access the settings. Once you’re in, you set the username and password to something stronger, and you’re good to go.
However, sometimes, the default username and password are the same across every device; the classic setup is having the username as “admin” and the password as “admin.” Some devices will have a default password, but it’s randomly generated for each device produced. These usually come with a little sticker on the back, letting you know their unique password.
Why Are Default Passwords Being Banned in the UK?
As reported by the National Cyber Security Center, the UK passed a law that bans the sale of a network-enabled device that doesn’t protect its users by default. As per its rules:
The manufacturer must not supply devices that use default passwords, which can be easily discovered online, and shared. If the default password is used, a criminal could log into a smart device and use it to access a local network, or conduct cyber attacks.
It may seem like a heavy-handed law, but guessable passwords are a severe security flaw. If every device of the same model shares the same username and password, it can be very easy for a hacker to break into them.
In fact, there are entire databases of default usernames and passwords online, such as Data Recovery. These websites are meant to help people access their devices, but they can also be used by hackers to access other people’s networks.
Once they’re in, hackers can use these devices for all kinds of purposes. The more obvious route is using whatever device they accessed against you, such as spying on your house through your cameras or grabbing data from Wi-Fi storage devices. However, hackers can also use the processors of your devices as part of a larger botnet like the Mirai malware used as part of massive DDoS attacks.
The UK’s ban hopes to reduce the number of devices hacked every year. This, in turn, reduces the amount of information stolen and weakens botnets that depend on large numbers to achieve their goals.
Are My Device’s Default Passwords Guessable?
Not every device has a guessable default password. As we covered above, some devices come with a randomized default password printed on a sticker somewhere on the outside. These randomized passwords are usually safe to use; however, if you may have concerns about someone seeing the sticker and learning your login information, you can change it.
If your devices use default passwords that aren’t randomized, it’s a good idea to change them to an unbreakable password you can’t forget. Even if you’re not in the UK, the threat of cybersecurity is enough reason to change your login information. You can also take this time to improve your router and modem’s security.
If you’re not sure if your device’s password is randomized, search online for databases with your device’s password listed. If you can find it, so can a hacker, so get it changed ASAP. Your device’s manual should tell you how to do that.
While the ban only affects UK devices, hackers are a worldwide problem. It’s a good idea to double-check your online devices for guessable passwords and change them if you have any. Who knows, a quick change now may save you from an attack later.