TECH INTELLIGENCE: Security through obscurity

Organizations are increasingly asked to improve their efficiency, getting more done with fewer resources. But the rush to do more with less can sometimes lead to deadly consequences. One often-ignored small step – changing default administrator usernames to something obscure and unlicensed – can reduce the odds of being hacked. An experienced cybersecurity solutions provider can help users implement this important strategy.

A default administrator, or admin, username refers to the pre-configured name that is often set by manufacturers or developers of software, operating systems or hardware devices. For example, a router connects computers and other devices to the internet. Acting as a kind of dispatcher, a router chooses the best route for information to travel, connecting businesses to the world and, when configured properly, protecting information from security threats.

But the default admin usernames of many routers, along with many “smart” devices, often consist of simple, easily guessed combinations like “admin,” “administrator,” “root user,” or “superuser.” Cyber criminals know this and may try one of those usernames, along with various password combinations, to gain access to the wider digital system. From there they can install malicious software, alter system settings, create additional user accounts, access files, steal data and potentially move laterally to compromise other systems.

Change is good

Routers are not the only target of hackers, but they are a common attack vector since a successful penetration lets a hacker monitor many actions taken by a user – and any device on their Wi-Fi network – such as the websites and services being used and when they are being accessed. Consequently, cybersecurity professionals often recommend changing the default administrator username of routers and other devices to an unlicensed, unique and less predictable username. This action, taken as part of a layered cybersecurity strategy, adds protection by making it more difficult for potential attackers to guess the administrative credentials.

An “unlicensed user” typically refers to an account with a unique username that is not associated with any specific licenses or privileges. It may be helpful to choose a username that does not reveal its administrative nature, thus adding an extra layer of security. For example, instead of naming an administrator account “admin” or “administrator,” a business might choose a more obscure and less predictable username, like “muggyscugglemeyer” or another unique moniker.

Using a unique admin name can also help organizations improve accountability, since sharing a default admin name among multiple users makes it more difficult to track specific actions of individuals. In contrast, assigning an unlicensed user as the admin means that each user can be uniquely identified, fostering a sense of responsibility and making it easier to investigate and address security incidents.
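One way to check an account inventory against the points above, as an added example that is not from the original article: it flags administrative accounts that still use a default name, whose name gives away the admin role, or that are shared by several people. The CSV layout, the sample rows and the `REVEALING_HINTS` list are assumptions made for illustration.

```python
import csv
import io

# Default names quoted in the article.
DEFAULT_NAMES = {"admin", "administrator", "root user", "superuser"}
# Assumption: substrings that give away an account's administrative role.
REVEALING_HINTS = ("admin", "root", "super")

# Constructed sample inventory (not real data): one row per account.
SAMPLE_INVENTORY = """device,username,role,used_by
edge-router,admin,admin,alice;bob
nas-01,backupadmin,admin,carol
switch-02,muggyscugglemeyer,admin,dave
switch-02,guest,user,visitor
cam-lobby,Administrator,admin,alice;bob;carol
"""


def audit(inventory_csv):
    """Return sorted (device, username, finding) tuples for admin accounts."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["role"].strip().lower() != "admin":
            continue  # only administrative accounts are in scope
        name = row["username"].strip().lower()
        users = [u for u in row["used_by"].split(";") if u.strip()]
        if name in DEFAULT_NAMES:
            finding = "default-name"
        elif any(hint in name for hint in REVEALING_HINTS):
            finding = "reveals-admin-role"
        else:
            finding = None
        if finding:
            findings.append((row["device"], row["username"], finding))
        if len(users) > 1:
            # A shared login cannot be tied to one person's actions.
            findings.append((row["device"], row["username"], "shared-account"))
    return sorted(findings)


if __name__ == "__main__":
    for device, username, finding in audit(SAMPLE_INVENTORY):
        print(f"{device:12} {username:20} {finding}")
```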

Swapping out a default admin username for a customized one is an important security step, but it should not be done as a stand-alone tactic. Instead, developing a unique admin name should be considered as a component of a layered cybersecurity strategy that includes such steps as ensuring that software and firmware patches are identified and applied promptly; encrypting data that is in transit and at rest; implementing a comprehensive, automated data backup and restore plan; and conducting periodic risk assessments and penetration testing to highlight security vulnerabilities in an organization while developing effective defenses.  

Well-run organizations rely on their digital systems, so addressing vulnerabilities is fundamental to fortifying defenses against evolving cyber threats, mitigating the risk of brute force attacks, enhancing user accountability, and minimizing the odds of successful targeted exploits while aligning with established best practices. Businesses that start with a simple adjustment to their default admin names can contribute to a more secure digital environment — safeguarding sensitive information even as they promote a culture of proactive cybersecurity.

Carl Mazzanti is president of eMazzanti Technologies in Hoboken. 