How often do you change the default passwords on your network-enabled devices? If you don’t bother with setting a new password, you may be putting your security at risk. The UK has banned the sale of devices with guessable default passwords, but even if you don’t live there, it’s well worth changing your default passwords to ensure your devices can’t be cracked.

What Is a Default Password?

When you purchase a device that can be accessed via your network, it usually comes with a default username and password. This is meant to be a placeholder account that you use during the setup to access the settings. Once you’re in, you set the username and password to something stronger, and you’re good to go.

However, sometimes, the default username and password are the same across every device; the classic setup is having the username as “admin” and the password as “admin.” Some devices will have a default password, but it’s randomly generated for each device produced. These usually come with a little sticker on the back, letting you know their unique password.

default password and admin account on router

Why Are Default Passwords Being Banned in the UK?

As reported by theNational Cyber Security Center, the UK passed a law that bans the sale of a network-enabled device that doesn’t protect its users by default. As per its rules:

The manufacturer must not supply devices that use default passwords, which can be easily discovered online, and shared. If the default password is used, a criminal could log into a smart device and use it to access a local network, or conduct cyber attacks.

Man holding mobile phone next to router

It may seem like a heavy-handed law, but guessable passwords are a severe security flaw. If every device of the same model shares the same username and password, it can be very easy for a hacker to break into them.

In fact, there are entire databases of default usernames and passwords online, such asData Recovery. These websites are meant to help people access their devices, but they can also be used by hackers to access other people’s networks.

Once they’re in, hackers can use these devices for all kinds of purposes. The more obvious route is using whatever device they accessed against you, such as spying on your house through your cameras or grabbing data from Wi-Fi storage devices. However, hackers can also use the processors of your devices as part of a larger botnet like theMirai malwareused as part of massive DDoS attacks.

The UK’s ban hopes to reduce the number of devices hacked every year. This, in turn, reduces the amount of information stolen and weakens botnets that depend on large numbers to achieve their goals.

Are My Device’s Default Passwords Guessable?

Not every device has a guessable default password. As we covered above, some devices come with a randomized default password printed on a sticker somewhere on the outside. These randomized passwords are usually safe to use; however, if you may have concerns about someone seeing the sticker and learning your login information, you can change it.

If your devices use default passwords that aren’t randomized, it’s a good idea to change them to anunbreakable password you can’t forget. Even if you’re not in the UK, the threat of cybersecurity is enough reason to change your login information. You can also take this time toimprove your router and modem’s security.

If you’re not sure if your device’s password is randomized, search online for databases with your device’s password listed. If you may find it, so can a hacker, so get it changed ASAP. Your device’s manual should tell you how to do that.

While the ban only affects UK devices, hackers are a worldwide problem. It’s a good idea to double-check your online devices for guessable passwords and change them if you have any. Who knows, a quick change now may save you from an attack later.