Industry-Strength Industry-Bad Passwords

In past posts I have covered a bit about bad passwords, but those posts referred mostly to private users and their personal accounts, such as Facebook. But are the passwords used by employees and contractors as part of their job functions any better? And are these passwords any better when they protect remote access accounts, many with administrator privileges? The answer is in, and the answer is no: users, even IT users, are not significantly better at picking passwords.


In his December 13 blog post, Brian Krebs explored a “few” remote desktop usernames and passwords for sale at the malware site Makhost[dot]net. Some fun username and password combinations, available on unprotected machines, included the following:

  • owner owner
  • install install
  • guest guest
  • sophos sophos
  • staff staff
  • frontdesk frontdesk
  • AdMiNiStRaToR AdMiNiStRaToR
  • ldap ldap
  • kronos kronos
  • nurse nurse
  • sonicwall sonicwall

Of course, it is of particular interest that some of the terms were the names of security solutions, such as Sonicwall, Sophos, or Symantec. The affected industries were of all types, including healthcare providers, government agencies, financial institutions, etc.
