Good Passwords For Bad Bots

Password Research Report

Published November 2022


This report details the types of credentials that are most often used by automated attackers to gain access to systems with SSH and RDP – the two most common protocols for remote access. These protocols are widely used for managing virtual machines in the cloud and thus, with the growing popularity of both cloud deployments and remote work, it is important to know how opportunistic attackers are targeting these systems. We find that the most common usernames are defaults that are built into operating systems and applications such as “root,” “administrator,” and “mysql.”

However, the most commonly attempted passwords tend to be the well-known bad passwords: “123456,” “password,” “admin,” or simply no password at all!