Why IoT Devices should not have the Default Passwords?

What are the IoT Devices?

IoT stands for Internet of things which describes the devices with sensors, processing ability, software and other technologies that connect over internet and share data with other devices. This includes hardware such as smart TVs, smart mobiles, smart refrigerators, Smartwatches, smart fire alarms, smart door locks, smart bicycles, fitness trackers, smart security system and anything that could be controlled remotely over Wi-Fi, bluetooth. Most of the devices that we use daily fall into this category and may require a password to authenticate us on setting these up when we use these first time. These devices come with default password to allow its access to the owner. This might pose security threats and give access of these devices to an unwanted person.

Related: Chat GPT Login – How to Sign up and Access?

What’s the Risk of keeping the Default Passwords?

IoT Devices

Today hacking methods are much advanced than these used to be years ago. Brute-force attacks can be automated that try most common username, password sets until the working one is found. There are millions of these devices being used and if these have the default password that was setup initially, these are at the risk of being hacked.

Default passwords are usually easier to guess like, 1234, 007, 0000, admin, user, pass, password. According to one of recent cyber security researches, some of the most common pairs of username and password were

username : knockknockwhosthere
password : knockknockwhosthere


username : user
password : 1234

As these passwords and usernames do not have numbers, special characters, uppercase letters, these can be easily guessed via brute-force methods. These passwords have least entropy. Password entropy rises as you include the previously mentioned elements in the password.

A hacker could guess these passwords without even using advanced tools for the same.

Which IoT devices have passwords?

It is anticipated that there will be approximately 30 billion IoT devices worldwide by the year 2030. According to the best practice in cyber security, most of these connected devices should have password protection, especially if these collect and exchange personal information. As you keep the software updated on your smartphone for better protection ad performance, so you should change the default passwords on IoT devices too. If you don’t, cybercriminals could infiltrate your home’s network and the connected devices.

Another research shows the manufacturers of IoT devices often only recommend the buyers that they change the default passwords to unique credentials but do not require it. No matter what smart device you use, whether a smartphone connected to a Wi-Fi or a smart TV, always change its default password to a unique credential and do it before connecting it to a Wi-Fi network.

Change the Default IoT Password

Default passwords are convenient as these are easy to remember but note that these are also easy to hack. Fortunately, these passwords are easy to change and take only a minute or two.