Date: 2023-10-19

In January 2023, the company Outpost24 began a study of security systems in corporate portals using its specialized tool, Threat Compass. It did not take long for the results to surprise them. The analysis continued until last September, when they decided to end it in order to present the disturbing results.

Easy-to-hack systems

That is what they found in the analysis. They detected more than 40,000 registry entries in company portal systems in which the password is simply “admin.” The total number of entries analyzed is much higher, almost 2 million, but that does not diminish the significance of so many cases in which system administrators thought this word was the best option to protect their company. Of course, this is a serious mistake, and it compromises security in such an alarming way that it seems to invite cyber attacks.

In some cases, the password is kept as “admin” because it is the one the system uses as default at installation time. The username seems to be changed, possibly to personalize it depending on the access to be made or the person who intends to use it. But, in the case of the password, they leave it as is.

Other weak passwords

We could imagine that system administrators who left “admin” as a password did so out of laziness, because they did not even want to edit the field with a new one. But the data published by Outpost24 shows that laziness is not the only reason. The study also lists other passwords found during the analysis, and many of them are just as bad. That is to say, those administrators did make the effort to change the password, but when doing so they resorted to something almost as useless as leaving “admin”.

Examples of this type of case include the following passwords: 123456, 12345678, 1234, Password, 123, 12345, admin123, 123456789 and adminisp, the last of which closes the top 10 of the most used and riskiest ones. The next ten positions contain other passwords that are not secure either, no matter how much network and company portal administrators may believe otherwise. For example, choosing “root” as a password may be thought very clever and original. But, in reality, it is the password that occupies position 12 on the list. One position before it is “demo”, and the rest of the top 20 is made up of variants of numbers and “admin”.
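As an added example (not code from Outpost24 or from the original article), the following Python code audits a portal's own credential store for the passwords named above, including the case where the username was changed but the default password was kept. The store layout (PBKDF2-HMAC-SHA256 with a per-account salt), the field names, the regular expression used to read “variants of numbers and admin”, and the sample accounts are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Passwords named in the article (the top 10 plus "demo" and "root").
ARTICLE_WEAK = ["admin", "123456", "12345678", "1234", "Password", "123",
                "12345", "admin123", "123456789", "adminisp", "demo", "root"]
# The article says the rest of the top 20 are variants of numbers and "admin";
# this pattern is an assumed reading: digits only, or "admin" with digits.
VARIANT_RE = re.compile(r"\d+|admin\d*|\d+admin")

def is_weak(password: str, username: str = "") -> bool:
    """Set-time check: listed value, number/admin variant, or same as username."""
    p = password.strip().casefold()
    return (p in {w.casefold() for w in ARTICLE_WEAK}
            or bool(VARIANT_RE.fullmatch(p))
            or (bool(username) and p == username.strip().casefold()))

def pbkdf2(password: str, salt: bytes, rounds: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def audit(accounts: list[dict]) -> list[str]:
    """Return usernames whose stored hash matches a listed password or the username."""
    flagged = []
    for acct in accounts:
        candidates = ARTICLE_WEAK + [w.lower() for w in ARTICLE_WEAK] + [acct["user"]]
        for cand in candidates:
            digest = pbkdf2(cand, acct["salt"], acct["rounds"])
            if hmac.compare_digest(digest, acct["hash"]):
                flagged.append(acct["user"])
                break
    return flagged

def make_record(user: str, password: str, salt: bytes) -> dict:
    # Constructed sample record; the round count is kept low only for the demo.
    return {"user": user, "salt": salt, "rounds": 1000,
            "hash": pbkdf2(password, salt, 1000)}

SAMPLE_ACCOUNTS = [
    make_record("j.smith", "admin", b"salt-0001"),      # username changed, default kept
    make_record("ops-portal", "123456789", b"salt-0002"),
    make_record("backup", "backup", b"salt-0003"),      # password equals username
    make_record("m.lopez", "vivid-Canyon-91-harbor", b"salt-0004"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_ACCOUNTS))
```

The same `is_weak` check can be applied when a password is set, so that listed values are rejected before they ever reach the store.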

Company portals usually have restricted access and are not available, for obvious reasons, to ordinary users. These portals can have a wide range of functions that vary depending on the business in question. For example, some collect employee information, personal data, elements related to company security, customer or order databases and many other things. This is, therefore, data that should be confidential and protected to the extreme. However, this study demonstrates that many specialists are not taking the protection of their systems seriously enough.

The advice that Outpost24 provides to companies that may recognize themselves here is so obvious that we are not going to reproduce it. At this point we are inclined to think that the people who decided to use “admin” as a password on their website did so, as we said before, out of disdain and not because they are unaware of what it may entail. After all, we are talking about private systems, not the password of a USB device. If you have recognized yourself… take the opportunity and change your passwords before you get your business into trouble!