I originally asked the question on the Trusted Catalyst mailing list. Martin picked it up and posted it on his blog. Now I'm going to do the same.
Why can't we start a campaign to get the vendors to make a change so that the default password has to be changed after the initial log in?
We all know that default passwords, configurations and such are the cause of many security issues that we fight against every day. If we can do something to change this then we will make things safer for all of us. There are some vendors who already implement this, but not nearly enough of them do so. The big offenders are those who cater to the consumer market. I understand that making this change will create some support issues as users forget their passwords, but it will cut down on issues such as this. Not to mention it will help keep your neighbor from logging into your wireless router to get your ISP login info.
If you feel the same way, feel free to post the question on your blog. The more blogs this is posted on, the better the chance that vendors will read it and consider implementing it.
Security's Everyman
Friday, February 23, 2007
Default Passwords
Posted by Andy, ITGuy at 6:52 AM
Labels: Andy ITGuy, default passwords, information security
1 comment:
Why don't you start a Hall of Shame with information about vendors that don't do what you suggest?
There was even a site somewhere that had all these default passwords for all the network equipment out there.
Can't remember it now but can dig it out if you are interested.