Technology Manufacturers Urged to Eliminate Passwords


In a two-point strategy released today, the US Cybersecurity and Infrastructure Security Agency (CISA) is pleading with technology makers to remove default passwords from their products.

In a recent Secure by Design Alert titled “How Manufacturers Can Protect Customers by Eliminating Default Passwords,” the organization asserted that default static credentials, such as passwords, pose a severe security risk, particularly for critical infrastructure.

It mentioned a recent event in which Iranian threat actors exploited programmable logic controllers (PLCs) to damage multiple US water systems.

The substantial risk of harm in the real world resulting from manufacturers supplying goods with static default passwords is demonstrated by recent attacks targeting programmable logic controllers (PLCs) hardcoded with a four-digit password, according to CISA.

Read More…