IT administrators can be just as lax about password security as end users, according to new research.
Analysis of over 1.8 million admin credentials by Outpost24 found that basic default passwords were used frequently by IT staff, with highly predictable terms used tens of thousands of times.
The study found that “admin” ranked among the most popular passwords used by IT administrators, appearing more than 40,000 times.
Among the top 20 administrator passwords the firm analyzed, basic numeric sequences such as ‘123456’ and ‘12345678’ also featured prominently.
Terms such as ‘admin123’ and ‘Password’ were similarly common.
The research points to a culture of poor password security and management that could be placing thousands of organizations worldwide at risk of compromise, according to Outpost24.
The passwords the cyber security firm observed were obtained from credential-stealing malware, which is frequently used to compromise user accounts.
These specific passwords, however, could have been guessed without any sophisticated technique, underlining the danger organizations face when they do not enforce stringent password security practices.
“While the data from our analysis was obtained from credential stealer software, a type of malware designed to target the applications capable of storing usernames, passwords, and other authentication credentials, most of the passwords in our list could have been easily guessed in a rather unsophisticated password-guessing attack,” the firm said.
Inadequate password security
Poor password security has the potential to create significant risks for organizations of all sizes, and the issue of hygiene and best-practice has been a recurring topic in recent years.
A recent study from Authlogics, a provider of password security technologies, warned that the volume of exposed account passwords has skyrocketed.
The firm said its Password Breach Database reached a highly concerning landmark in March 2023, surpassing five billion compromised account credentials.
Separate research from SpyCloud this year also shed light on the scale of the issue. The threat intelligence firm said that password reuse and substandard login credentials remain a “rampant” issue globally.
Outpost24 stressed that administrators and end-users alike should never use default login credentials and always create a “long, strong, password” for each individual account.
“Enforce these security measures across your network,” the firm said, adding that organizations should always be conscious of the telltale signs of poor password security practices.
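One way to enforce the advice above at the point where a password is set or audited is a deny-list check of the kind NIST SP 800-63B recommends: reject anything that matches a known default or breached password, including trivial variants, and anything below a minimum length. The example below is added here to illustrate that check and is not code from Outpost24 or ITPro. Its deny-list is a constructed sample seeded only with the terms the article names, the sample accounts are constructed and not real credentials, and the 14-character minimum is an assumed policy value rather than a figure from the research.

```python
"""Deny-list and length check for administrator passwords.

Added example, not code from Outpost24 or ITPro. The deny-list is a
constructed sample seeded with the terms named in the article; a real
deployment would load a much larger breached-password list (hundreds of
millions of entries). MIN_LENGTH is an assumed policy value.
"""
import re
from typing import Dict, Optional

# Constructed sample deny-list: the weak admin passwords the article names.
DENYLIST = {"admin", "123456", "12345678", "admin123", "password"}

MIN_LENGTH = 14  # assumed policy value, not from the article


def normalize(password: str) -> str:
    """Fold the trivial variations attackers try first: case, and digits or
    punctuation appended to a dictionary word ("Admin123!" -> "admin")."""
    lowered = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return stripped or lowered  # an all-digit password stays as it is


def is_sequential_digits(password: str) -> bool:
    """True for keyboard runs like 123456 or 654321 of length >= 4."""
    if not password.isdigit() or len(password) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return steps in ({1}, {-1})


def check_password(password: str, min_length: int = MIN_LENGTH) -> Optional[str]:
    """Return the reason a password should be rejected, or None if it passes."""
    if password.lower() in DENYLIST or normalize(password) in DENYLIST:
        return "matches a known default or common password"
    if is_sequential_digits(password):
        return "sequential digits"
    if len(password) < min_length:
        return f"shorter than {min_length} characters"
    return None


def audit(credentials: Dict[str, str]) -> Dict[str, str]:
    """Run check_password over an account -> password mapping and return
    only the failing accounts, each with the reason it failed."""
    findings = {}
    for account, password in credentials.items():
        reason = check_password(password)
        if reason:
            findings[account] = reason
    return findings


# Constructed sample accounts and passwords; none of these are real credentials.
SAMPLE_ADMINS = {
    "dc01\\Administrator": "admin",
    "fw-edge\\root": "Admin123!",
    "vcenter\\administrator@vsphere.local": "12345678",
    "backup-svc": "Winter2023",
    "ops-break-glass": "correct-horse-battery-staple-9",
}

if __name__ == "__main__":
    for account, reason in audit(SAMPLE_ADMINS).items():
        print(f"{account}: {reason}")
```

The normalization step is what makes the check useful against the "unsophisticated guessing attack" the firm describes: an attacker who tries `admin` will try `Admin123!` next, so a filter that only matches exact strings would pass the variant while the guess list would not. In production the same function would sit behind a password-change hook or a periodic audit of an exported credential store, with the deny-list loaded from a file rather than hard-coded.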
William Wright, CEO of Closed Door Security, told ITPro that passwords should neither be shared nor be in a basic format.
“These are rookie mistakes, but they still happen every single day, and criminals are fully aware of it,” he said.
“When criminals target an organization, they understand one valid credential is all they need to execute a data breach or install ransomware. So, when organizations are using ‘admin’ on their administrator accounts this gives them all the access they need, which means it’s the first attack path they will test.”
Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.