Over 40,000 Administrators Use “admin” and “123456” as Passwords

From January to September 2023, analysts at Outpost24 collected statistics on authentication data. They found that IT administrators use tens of thousands of weak passwords, with “admin” being the most popular. In total, the researchers examined more than 1.8 million administrator credentials using the Threat Compass threat analysis solution. They emphasize that all of the data was obtained from malware that targets applications storing usernames and passwords. Although the collected data was not presented in plain text, the researchers explained that most passwords on the list could be easily guessed using simple brute-force methods.

“To narrow our list down to only administrator passwords, we analyzed statistical data stored in the Threat Compass backend, focusing on pages identified as administration portals. In total, we found 1.8 million passwords recovered in 2023 (from January to September),” the Outpost24 report states.

Such administrative portals could provide access to configuration, accounts, and security settings. They could also be used, for example, to track clients and orders, or to perform CRUD operations in databases.

Top 20 Weakest Administrator Passwords

  1. admin
  2. 123456
  3. 12345678
  4. 1234
  5. Password
  6. 123
  7. 12345
  8. admin123
  9. 123456789
  10. adminisp
  11. demo
  12. root
  13. 123123
  14. admin@123
  15. 123456aA@
  16. 01031974
  17. Admin@123
  18. 111111
  19. admin1234
  20. admin1

The researchers note that while the resulting list is “limited to well-known and predictable passwords,” these passwords were associated with many real administration portals. This means that attackers are generally well-prepared for attacks on privileged users.

Experts emphasize that protecting a corporate network starts with basic security principles, including using long, strong, and unique passwords for every account—especially for users who have access to sensitive resources.
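As an added illustration (not code from Outpost24 or the report), the sketch below shows how an account-provisioning check could reject both the listed passwords and trivial variants of them, since several entries above are just "admin" with digits or symbols appended. The 12-character minimum and the reason labels are assumptions; the article itself only says "long".

```python
import re

# The 20 passwords listed in the article above, copied verbatim.
TOP20 = ["admin", "123456", "12345678", "1234", "Password", "123", "12345",
         "admin123", "123456789", "adminisp", "demo", "root", "123123",
         "admin@123", "123456aA@", "01031974", "Admin@123", "111111",
         "admin1234", "admin1"]

MIN_LENGTH = 12  # assumption: the article only says "long", it gives no number


def base_word(password):
    """Lower-case the password and drop trailing digits and symbols."""
    return re.sub(r"[\d\W_]+$", "", password.casefold())


LISTED = {p.casefold() for p in TOP20}
# Stems such as "admin" or "root"; digit-only entries reduce to "" and are dropped.
BASES = {base_word(p) for p in TOP20} - {""}


def audit(password):
    """Return the set of reasons a candidate password should be rejected."""
    reasons = set()
    if password.casefold() in LISTED:
        reasons.add("listed")
    elif base_word(password) in BASES:
        # e.g. "Admin@2024!" reduces to the stem "admin"
        reasons.add("variant-of-listed")
    if password.isdigit():
        reasons.add("digits-only")
    if len(password) < MIN_LENGTH:
        reasons.add("too-short")
    return reasons


if __name__ == "__main__":
    # Constructed candidates, not taken from the report.
    for candidate in ["Admin@2024!", "root#99", "20230915",
                      "quiet-harbor-lantern-42"]:
        print(f"{candidate!r}: {sorted(audit(candidate)) or 'accepted'}")
```

An empty result means only that the candidate passed these particular checks; uniqueness per account still has to be enforced separately, for example with a password manager.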
