Weak or Default Credentials - SSH
Option 1: Implement a Strong Password Policy
Change the credential’s password and ensure a strong password policy is in place and users are properly trained on best practices. The National Institute of Standards and Technology (NIST) commonly releases guidance on password best practices, which includes:
- A minimum length of 8 characters
- Blacklisting passwords that contain dictionary words, repetitive or sequential characters, and the company name
- Implement Multi-Factor Authentication when available
NOTE: See the full NIST publication, NIST 800-63-3.
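One way to enforce the length, blacklist and character-pattern rules listed above when a password is set, as an added example that is not code from NIST or from the original page. The word list, the placeholder company name "Acme", the run length of four and the substitution table are all assumptions made for illustration.

```python
import re

# Constructed sample blocklist (assumption); production use would load a full
# dictionary and breached-password list instead.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "admin", "letmein"}
# Alphabet, digit and keyboard rows used to spot sequential characters.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Assumed substitution table: undo common look-alike swaps before word matching.
LEET = str.maketrans("@0137$5", "aoletss")


def normalize(text):
    """Lowercase and reverse look-alike substitutions (P@ssw0rd -> password)."""
    return text.lower().translate(LEET)


def has_sequential_run(password, run=4):
    """True if `run` consecutive characters follow a known row, either direction."""
    low = password.lower()
    for row in SEQUENCES:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def check_password(password, company, dictionary=SAMPLE_DICTIONARY):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    norm = normalize(password)
    if len(password) < 8:
        problems.append("too_short")
    if any(word in norm for word in dictionary):
        problems.append("dictionary_word")
    if company and normalize(company) in norm:
        problems.append("company_name")
    if re.search(r"(.)\1{2,}", password):      # same character 3+ times in a row
        problems.append("repetitive")
    if has_sequential_run(password):
        problems.append("sequential")
    return problems


if __name__ == "__main__":
    # Constructed candidates; "Acme" is a placeholder company name.
    for candidate in ("P@ssw0rd1", "@cme-Server9x", "aaaa1234", "v7#Lq2m!Zx9p"):
        print(f"{candidate!r}: {check_password(candidate, 'Acme') or 'accepted'}")
```

Matching on the normalized form is what catches `P@ssw0rd1` and `@cme-Server9x`, both of which pass a plain length check.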
Option 2: Implement a Configuration Management Process
Often, systems and applications will be installed without the default credentials being changed. Identify a configuration management process that ensures default credentials are changed before systems are deployed in a production environment.