Many Internet-connected devices and services, such as routers, webcams, and databases, initially come with default usernames and passwords to allow new users to easily log into and configure a product. Many people neglect the important step of changing the default login information, leaving them vulnerable to cyber attack.
When attempting to access a system, attackers try the easiest methods first. As default passwords for most products are publicly and readily available online and in product documentation, one of the first steps an attacker will try is to gain access to a device or service using the product’s default credentials.
By replacing default passwords with a strong password, you can considerably improve the security of your device or system. Be sure not to replace the default password with one of the most common passwords, such as password, password1, 123456, etc. (See it-security.usc.edu/category/password-security-2 for tips on creating strong passwords.)
For more information about the dangers of default passwords, see the US-CERT publication Risks of Default Passwords on the Internet.