Most common SSH passwords revealed

It is not only ignorant computers users who are using weak username and password combinations as a new website shows

September 15, 2010
Most common SSH passwords revealed

New computer users are often criticized for weak username and password combinations which can create significant security vulnerabilities in any organization.

Many companies have even imposed strict password policies which may include regular forced password changes, automated password generation and ‘strong password’ validation before accepting a new password.

While strict password policies may work well in theory, their value is often undone by something as simple as a post-it pasted on a computer screen to help an employee remember his newly generated strong password.

It is however not only ignorant computer users who are to blame for weak username and password selections. 

Dragon Research Group (DRG) has recently released the results of their “SSH password authentication insight and analysis” research, showing a surprising amount of weak usernames and passwords used by SSH users.

DRG points out that the Secure Shell (SSH) architecture is a set of protocols and tools based on the ability to enable encrypted remote system login.  SSH has largely replaced tools such as TELNET and rsh for most system administrative needs and is widely used by more tech-savvy individuals.

“Most SSH implementations have had good track records, having been responsible for relatively few bugs that lead to widespread anonymous attacks against the protocol or implementation. However, like many systems, SSH is only as safe as its weakest link,” said DRG.

“Often the weakest link in SSH configurations is the reliance on username and password authentication. When passwords are weak or easily guessed, other underlying SSH benefits are rendered worthless. Unfortunately, many SSH systems are susceptible to brute force password guessing and dictionary attacks.”

From the DRG’s recently released “Username and Password Authentication Tag Clouds” it is clear that many SSH users are making use of very weak username and password combinations. 

The following table provides an overview of the most used SSH usernames and passwords:

DRG SSH Username and Password Authentication
Most popular usernames Most popular passwords
root 123456
admin password
oracle 1234
test 123
user 12345

Other popular passwords amoung the surveyed SSH users include the easily guessable admin, abc123, passwd, qwerty, test, test123, root, linux, user, 1, and administrator.

Most common SSH passwords revealed << Comments and views

Anonymous News Tip
Free Email Newsletter:
Subscribe
X

Anonymous News Tip






Captcha image
Not readable? Change text.

sending

Shutterstock is the image partner of MyBroadband – technology images can be found here

Join the conversation

Connect with MyBB

twitterfacebookandroidappleblackberrynewsletterfeed

Poll

Are you using public WiFi hotspots to connect to the Internet in places like airports, restaurants or shopping malls?

View Results

Loading ... Loading ...

More News

Top tech deals this Easter

Sale

Many local retailers are offering technology products at reduced prices over the Easter period

First online pirate in SA pleads guilty, sentenced

Music pirate piracy

Majedien Norton, the Cape Flats man who was accused of uploading SA film Four Corners via Pirate Bay, has pleaded guilty to the charge

DStv Oscar Pistorius Trial Channel to take a break

Oscar Pistorius is seen during his murder trial at the North Gauteng High Court on Tuesday, 11 March 2014.Pistorius is accused of the murder of model and law graduate Reeva Steenkamp on February 14 last year. She was shot in the arm, hip and head. He is also charged with illegal possession of a firearm and ammunition, and two counts of discharging a firearm in public. Picture: Kevin Sutherland/Times Media Group/Pool

The Oscar Pistorius Trial Channel will take a break for two weeks

MTN strikes at the heart of Cell C

Cell C stab

MTN’s recent move to cut prepaid call rates to 79c per minute strikes at the heart of Cell C’s ability to improve its financial situation

bool(true)