The Internet Census 2012 Dataset: An Ethical Examination

The default password problem (an "admin" account having the password "admin," or a system with no password on certain default accounts), has been around as long as computer systems have been sold and shipped to unsuspecting new owners. This problem was mentioned on Usenet as early as 1994, regarding Silicon Graphic Irix (SGI) workstations and reported to SGI (who did nothing to fix the problem until years later, after the Computer Emergency Response Team Coordination Center (CERT/CC) released a security advisory about the problem [1]). As the Internet became widely used, the problem extended to generally weak or trivially guessable passwords, including both the published default passwords, and commonly chosen simple passwords like "12345," "password," or "opensesame." Users choose weak passwords, ignoring or despite nearly two decades of knowledge indicating how problematic weak passwords are in terms of security. Corporations and software developers continue to release Internet-accessible systems with weak passwords.