Security News > 2023 > December > CISA urges tech manufacturers to stop using default passwords
Today, the U.S. Cybersecurity and Infrastructure Security Agency urged technology manufacturers to stop providing software and devices with default passwords.
"This SbD Alert urges technology manufacturers to proactively eliminate the risk of default password exploitation," CISA said, by taking "Ownership of customer security outcomes" and building "Organizational structure and leadership to achieve these goals."
"Years of evidence have demonstrated that relying upon thousands of customers to change their passwords is insufficient, and only concerted action by technology manufacturers will appropriately address severe risks facing critical infrastructure organizations," CISA added.
The U.S. cybersecurity agency advised manufacturers to provide customers with unique setup passwords tailored to each product instance as an alternative to using a singular default password across all product lines and versions.
Ten years ago, CISA issued another advisory notice highlighting the security vulnerabilities associated with default passwords.
"Attackers can easily identify and access internet-connected systems that use shared default passwords. It is imperative to change default manufacturer passwords and restrict network access to critical and important systems," the cybersecurity agency said.