It is easy to lay some of the blame at the door of the manufacturer. They could be accused of shipping product with poorly configured security settings. Let's face it: it is not hard for them to force the user to change the initial configuration password. But that alone is not enough. What about the 'undocumented' password, the one that you don't even know about?
There are resources available on the Internet that allow you to audit your network devices and software applications. This should be performed as part of your yearly audit schedule. A simple Google search for 'default password list' yields hundreds of sites that claim to have the most comprehensive database of default passwords. One of the oldest, and still reliable, can be found here. It makes for some interesting reading and is regularly updated.
Whatever the organization, whatever the choice of software or hardware vendor, the default password is likely to raise its ugly head from time to time. Be proactive and get scanning. You will be amazed at what you may find.
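One way to run such an audit offline, without sending a single login attempt to a device, is to re-hash each entry of a default-password list with the salt stored in your configuration backups and compare the result to the stored hash. The sketch below is an added example, not part of the original article; the vendors, hosts, credentials and the PBKDF2-SHA256 export format are all constructed assumptions.

```python
import hashlib
import hmac

ITERATIONS = 10_000  # assumed PBKDF2-SHA256 work factor used by the export

def pbkdf2_hex(password: str, salt_hex: str) -> str:
    """Hash a candidate password the same way the (assumed) export does."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return raw.hex()

# Constructed default-credential list: hypothetical vendors, not from any real database.
DEFAULTS = [
    ("ExampleRouterCo", "admin", "admin"),
    ("ExampleRouterCo", "support", "support123"),  # stands in for an 'undocumented' account
    ("ExampleCamInc", "root", "camera"),
]

def record(vendor, host, user, password, salt_hex):
    """Build one constructed inventory row; only salt and hash are kept, as in a real export."""
    return {"vendor": vendor, "host": host, "user": user,
            "salt": salt_hex, "hash": pbkdf2_hex(password, salt_hex)}

# Constructed inventory, as if parsed from device configuration backups.
INVENTORY = [
    record("ExampleRouterCo", "edge-rtr-01", "admin", "admin", "a1b2c3d4"),
    record("ExampleRouterCo", "edge-rtr-02", "admin", "T7#long-unique-phrase", "0f1e2d3c"),
    record("ExampleRouterCo", "edge-rtr-02", "support", "support123", "99887766"),
    record("ExampleCamInc", "lobby-cam-01", "root", "Changed-at-install-42", "deadbeef"),
]

def audit(inventory, defaults):
    """Return (host, user) for every account whose stored hash matches a vendor default."""
    findings = []
    for row in inventory:
        for vendor, user, password in defaults:
            if (vendor, user) != (row["vendor"], row["user"]):
                continue
            # Re-hash the default with this row's salt; compare in constant time.
            if hmac.compare_digest(pbkdf2_hex(password, row["salt"]), row["hash"]):
                findings.append((row["host"], row["user"]))
    return findings

if __name__ == "__main__":
    for host, user in audit(INVENTORY, DEFAULTS):
        print(f"{host}: account '{user}' still uses its default password")
```

In the constructed data, `edge-rtr-02` had its `admin` password changed but is still flagged through the `support` account, which is the case the article warns about: changing the initial password alone is not enough.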