The University of Maryland was our first stop, since they had just completed the study on this very topic.
“Attackers are generally looking for the username and password that will bring them the greatest reward,” notes Cukier. As a result, the username “root” — which traditionally has given administrators access to multiple systems at the root level — is by far the most frequently guessed, with “admin” finishing a distant second.
According to Michel Cukier, the professor who led the study, here are the most commonly guessed passwords in cyberspace, in order of frequency:
1. (username)
2. (username)123
3. 123456
4. password
5. 1234
6. 12345
7. passwd
8. 123
9. test
10. 1
Other experts chipped in a few of their own. Val Smith, CTO of Offensive Computing LLC, notes five that didn’t land in the university’s top 10: “admin1,” “changeme,” “dontforget,” and “letmein.”
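One way to apply the list above defensively is a deny-list check at password-set time. This is an added example, not code from the study or the article; the function names, the sample accounts, and the rule extending "(username)123" to any short digit suffix are assumptions made here.

```python
from __future__ import annotations
import re

# Passwords named in the article: the study's top 10 (the two username-derived
# entries are handled as rules below) plus the additions quoted from Val Smith.
COMMON_PASSWORDS = frozenset({
    "123456", "password", "1234", "12345", "passwd", "123", "test", "1",
    "admin1", "changeme", "dontforget", "letmein",
})

# Assumption (generalizes the article's "(username)123"): the username
# followed by one to four digits is treated the same way.
_DIGIT_SUFFIX = re.compile(r"\d{1,4}")


def rejection_reason(username: str, password: str) -> str | None:
    """Return why a candidate password is rejected, or None if it passes."""
    user = username.strip().casefold()
    pw = password.casefold()  # compare case-insensitively: "Root" == "root"
    if pw == user:
        return "same as username"
    if user and pw.startswith(user) and _DIGIT_SUFFIX.fullmatch(pw[len(user):]):
        return "username plus digits"
    if pw in COMMON_PASSWORDS:
        return "commonly guessed password"
    return None


def screen(candidates: list[tuple[str, str]]) -> dict[str, str]:
    """Map each rejected username to the reason its candidate was refused."""
    rejected = {}
    for user, pw in candidates:
        reason = rejection_reason(user, pw)
        if reason is not None:
            rejected[user] = reason
    return rejected


# Constructed sample input (not data from the study): candidate passwords
# as submitted at enrollment, before hashing.
SAMPLE = [
    ("root", "root"),
    ("admin", "Admin123"),
    ("backup", "changeme"),
    ("deploy", "x9!Lm_2vQ#rT"),
]

if __name__ == "__main__":
    for user, reason in screen(SAMPLE).items():
        print(f"{user}: {reason}")
```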
Original Post URL: https://www.darkreading.com/attacks-breaches/top-10-admin-passwords-to-avoid/d/d-id/1128615