Weak or Default Credentials (Cracked Credentials)
Option 1: Implement a Strong Password Policy
Change the credential's password, ensure a strong password policy is in place, and train users on best practices. The National Institute of Standards and Technology (NIST) regularly publishes password guidance, which includes:

- A minimum length of 8 characters
- Blacklisting passwords that contain dictionary words, repetitive or sequential characters, or the company name
- Implementing Multi-Factor Authentication when available

NOTE: See the full NIST publication: NIST 800-63-3
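As an added example (not part of the original page or of NIST's own material), the following screening routine applies the criteria listed above: minimum length, blocklisted dictionary words, the company name, and repetitive or sequential character runs. The blocklist, the company name, and the run length of four characters are constructed assumptions for the example; a real deployment would use a breached-password list and its own organisation name.

```python
"""Password screening modelled on the NIST SP 800-63 criteria summarised above.

Assumptions (constructed for this example, not from the page): the blocklist,
the company name, and the run length that counts as sequential/repetitive.
"""
import re

MIN_LENGTH = 8

# Constructed blocklist standing in for a real breached/dictionary word list.
BLOCKLIST = {"password", "welcome", "letmein", "qwerty", "summer"}
COMPANY_NAME = "acme"  # constructed; use the real organisation name in practice


def _has_sequential_run(pw: str, run: int = 4) -> bool:
    """True if `run` or more consecutive characters form an ascending or
    descending sequence such as abcd or 4321 (case-insensitive)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        window = codes[i:i + run]
        diffs = {b - a for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def _has_repetitive_run(pw: str, run: int = 4) -> bool:
    """True if any character repeats `run` or more times in a row (aaaa, 1111)."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def _contains_blocked_word(pw: str) -> bool:
    """True if a blocklisted word or the company name appears as a substring,
    ignoring case."""
    lowered = pw.lower()
    words = BLOCKLIST | {COMPANY_NAME.lower()}
    return any(word in lowered for word in words)


def check_password(pw: str) -> list[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if _contains_blocked_word(pw):
        problems.append("contains a blocklisted word or the company name")
    if _has_repetitive_run(pw):
        problems.append("contains a repetitive character run")
    if _has_sequential_run(pw):
        problems.append("contains a sequential character run")
    return problems
```

Run the checks at the point where a password is set or changed, and reject any candidate for which `check_password` returns a non-empty list.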
Option 2: Implement a Configuration Management Process
Systems and applications are often installed with their default credentials left unchanged. Establish a configuration management process that ensures default credentials are changed before systems are deployed in a production environment.