Default Passwords Are Killing Our Internet’s Security

The password, in general, is both a blessing and a curse. A weak and easily guessed password can leave you vulnerable to attack, but strong passwords can protect your ‘castle,’ though they are usually harder to remember. But there is a middle ground.

What is IoT

The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address for internet connectivity and the communication that occurs between these objects and other internet-enabled devices and systems. IoT is an expansive beast, especially in today’s world where seemingly every device is internet-enabled – even devices whose internet connectivity offers little to no useful device expansion. Why is IoT important? Because the number of devices attached to the internet keeps increasing, you can guess that the number of unsecured devices is also on the rise – enabling those with the know-how to grow their network of bots (botnets).

Yesterday’s attack used the now open-source software called Mirai. Previously, this software was used in an attack on KrebsOnSecurity.com that was recorded at approximately 620 Gbps. This software leverages IoT devices that have default passwords and configuration settings left untouched, turning control over to the bad guys and allowing them to use your device as needed. The most important part of this attack to take away is that you ALWAYS need to change the default password. If the default passwords on all devices had been updated, this type of attack could have been completely nullified.

I have actually run into this a handful of times with clients – they have X device, can’t recall the password, and don’t want me to factory reset it, which would result in them losing their settings. So what do you do? I turn to Google, searching for the make and model of the device, and usually have no trouble getting into the device in just a couple of minutes, if not seconds. Most of what I hear is, ‘I’ll never remember the strong password I create,’ and to me, that’s a good thing since the harder it is to remember, the harder it would be to crack – your dog’s name and current year (e.g., fluffy2000) will never make for a good password. For those having a hard time with the recall of strong passwords, check out LastPass.

LastPass – Password Management Made Easy

LastPass is an internet-based password manager that enables all of your devices, such as phone, tablet, and computers, to have access to a single database of passwords. Since the program can both load pages in its app and fill them in through a browser extension, you can create passwords that are very strong (20 characters or more). But how does this enable you to save device passwords? LastPass lets you store any information you want in the system as a secure note.

In addition to securing and storing your passwords, one really great feature of LastPass is the ability to share passwords, which is especially useful in a workplace environment. Normally, when a contractor would finish their work, we would have to change all the passwords to the accounts they interacted with. On some projects, we would have contractors rotating on a regular basis, meaning that it wasn’t uncommon to have weekly, if not daily, password changes. But with LastPass, you can share the password out to another LastPass account and disable their ability to view the actual password. Granted, in some environments, this won’t work, but if the access is, say, to your MailChimp or WordPress account, it can be a really nice feature since the user won’t have visual access to the password, only the ability to use it via an extension.
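As an added example (not part of the original article), the short Python audit below applies the article's two rules to a device inventory: no device keeps its factory default credential, and no password is short or follows the name-plus-year pattern of fluffy2000. The model names, default table, CSV layout and sample rows are all constructed for illustration; an inventory that holds real passwords should itself be treated as a secret.

```python
import csv
import io
import re

# Constructed factory defaults for hypothetical models; use each vendor's documentation.
FACTORY_DEFAULTS = {
    "ExampleCam X1": ("admin", "admin"),
    "ExampleRouter R2": ("root", "12345"),
    "ExampleDVR D3": ("admin", ""),
}

# Constructed inventory export: one row per device with the credential set on it.
INVENTORY_CSV = """name,model,username,password
lobby-cam,ExampleCam X1,admin,admin
office-router,ExampleRouter R2,root,fluffy2000
warehouse-dvr,ExampleDVR D3,admin,
server-room-cam,ExampleCam X1,ops,k7#Qv9!mZp2@Lx4$Rt8&Wd
"""

MIN_LENGTH = 20  # the "20 characters or more" bar from the article
WORD_YEAR = re.compile(r"^[A-Za-z]+(19|20)\d{2}$")  # e.g. fluffy2000


def audit_device(row, defaults=FACTORY_DEFAULTS):
    """Return a list of findings for one inventory row (empty list = OK)."""
    findings = []
    user, password = row["username"], row["password"]
    if defaults.get(row["model"]) == (user, password):
        findings.append("factory default credential still set")
    if not password:
        findings.append("empty password")
    elif WORD_YEAR.match(password):
        findings.append("word+year pattern")
    if password and len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    return findings


def audit_inventory(csv_text):
    """Map device name -> findings, for devices with at least one finding."""
    rows = csv.DictReader(io.StringIO(csv_text))
    report = {row["name"]: audit_device(row) for row in rows}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    print(audit_inventory(INVENTORY_CSV))
```
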
