Default Passwords are killing our Internet's Security
password security
Original Published Date: October 22, 2016
Edited Date: December 28th, 2019

The password in general is both a blessing and a curse. A weak, easily guessed password can leave you vulnerable to attack, while a strong password can protect your “castle” but is usually harder to remember. But there is middle ground.

What is IoT?

The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other Internet-enabled devices and systems. IoT is an expansive beast, especially in today's world where seemingly every device is internet-enabled, even devices whose internet connectivity seemingly offers little to no useful device expansion. Why is the IoT important? Because the number of devices attached to the internet keeps increasing, you can also guess that the number of unsecured devices is on the rise, enabling those with the know-how to grow their networks of bots (botnets).

Yesterday’s attack used the now open source software called Mirai. Previously this software was used in an attack on KrebsOnSecurity.com that was recorded at approximately 620 Gbps. This software leverages IoT devices that have default passwords and configuration settings left untouched, turning control over to the bad guys and allowing them to use your device as needed. The most important takeaway from this attack is that you ALWAYS need to change the default password. If the default passwords on all devices had been updated, this type of attack would/could have been completely nullified.

I have actually run into this a handful of times with clients – they have X device, can't recall the password and don’t want me to factory reset it, which would result in them losing their settings, so what do you do? I turn to Google, searching for the make and model of the device, and usually have no trouble getting into the device in just a couple of minutes if not seconds. Most of what I hear is “I’ll never remember the strong password I create” – and to me that's a good thing, since the harder it is to remember, the harder in turn it would be to crack – your dog's name and current year, i.e. fluffy2000, will never make for a good password. For those having a hard time with the recall of strong passwords, check out LastPass.
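The checks described above can be run offline against your own device inventory. This is an added example, not code from the original post: it flags credentials still at a factory default or built from a word plus a year (the fluffy2000 pattern) and generates a random replacement. The default-credential list, the 20-character minimum and the inventory rows are constructed assumptions.

```python
import re
import secrets
import string

# Constructed sample; a real audit loads the vendor-documented defaults
# for the device models actually deployed.
FACTORY_DEFAULTS = {("admin", "admin"), ("root", "root"), ("admin", "password")}
# A word followed by a 2- or 4-digit year, e.g. "fluffy2000".
WORD_YEAR = re.compile(r"^[A-Za-z]+(?:19|20)?\d{2}$")
MIN_LENGTH = 20  # assumed policy minimum


def audit_credential(username, password):
    """Return the reasons a credential is weak (empty list means it passes)."""
    findings = []
    if (username.lower(), password.lower()) in FACTORY_DEFAULTS:
        findings.append("factory default")
    if WORD_YEAR.match(password):
        findings.append("word+year pattern")
    if len(password) < MIN_LENGTH:
        findings.append("shorter than %d characters" % MIN_LENGTH)
    return findings


def generate_password(length=MIN_LENGTH):
    """Generate a random password with the OS CSPRNG that passes the audit."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit_credential("", candidate):
            return candidate


def audit_inventory(inventory):
    """Map device name to findings for every device that fails the audit."""
    report = {}
    for device, username, password in inventory:
        findings = audit_credential(username, password)
        if findings:
            report[device] = findings
    return report


# Constructed inventory rows: (device, username, password).
INVENTORY = [("lobby-camera", "admin", "admin"),
             ("office-router", "owner", "fluffy2000"),
             ("nvr", "owner", generate_password())]

if __name__ == "__main__":
    for device, findings in audit_inventory(INVENTORY).items():
        print(device, "->", ", ".join(findings))
```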

LastPass – Password Management Made Easy

LastPass is an internet-based password manager. This enables all of your devices, such as phones, tablets, and computers, to have access to a single database of passwords, and since the program can both load pages in its app and work through a browser extension, you can create passwords that are very strong (20+ characters). But how does this enable you to save device passwords? In LastPass you can store any information you want in a secure note.

In addition to securing and storing your passwords, one really great feature is the ability to share passwords, which is especially useful in a workplace environment. Normally, when a contractor would get done we would have to change all the passwords to the accounts they interacted with; on some projects we would have contractors rotating on a regular basis, meaning that it wasn’t uncommon to have weekly if not daily password changes. But with LastPass you can share the password out to another LastPass account and disable their ability to view the actual password. Granted, in some environments this won't work, but if the access is to, say, your MailChimp or WordPress account, it can be a really nice feature, since the user won't have visual access to the password, only the ability to use it via an extension.