I can't begin to tell you the number of times I encounter a network where the designer has left the administrator account named "Administrator". In today's world of cyber-criminals, this is a dangerous habit that needs to be broken.
A word about Authentication
There are two basic components of the credential required to gain access to your system: the user name and the password. If you retain the default account names from the installation of your system, you are handing any would-be criminal half of that credential for free, and the account you are handing over is the most powerful one on the network. Since most novice users build passwords out of dictionary words, guessing the other half with a password-cracking tool is then a matter of minutes, or at most a few short hours.
Renaming Administrator Accounts
On an Active Directory domain, renaming the administrator account is easy. Open Active Directory Users & Computers, find the Administrator account, right-click it, choose Rename and enter a new name; the Rename dialog also lets you change the display name and both logon names, and you should change all of them, because renaming only the object leaves the old logon name in place. The same setting can be pushed out by Group Policy through the security option "Accounts: Rename administrator account". Selecting an appropriate name should not be too difficult. The trick is to make the account indistinguishable from all other users on your network. For example, rename the account so that it looks like the name of your boss' wife. Be sure to keep the same naming conventions on the account and change the description of the account as well (the default description, "Built-in account for administering the computer/domain", gives the game away on its own). One caveat: the built-in account keeps its relative identifier (RID 500) no matter what it is called, so an attacker who can resolve SIDs against your domain will still find it. Renaming defeats name-based guessing and opportunistic tools, not a determined attacker who already has a foothold, so treat it as one layer and not as the whole defence.
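The same rename done from PowerShell, as an added example that is not part of the original article: it finds the built-in account by its RID rather than by name (which also shows why the rename alone does not hide it), then changes every attribute that would otherwise betray the account. It assumes the RSAT ActiveDirectory module and Domain Admin rights; the new names and description are placeholders to be replaced with something that fits your own naming convention.

```powershell
# Added example (not from the original article). Requires the RSAT
# ActiveDirectory module and Domain Admin rights.
Import-Module ActiveDirectory

# Placeholders: choose values that match your real naming convention.
$NewSamAccountName = 'jsmith'
$NewDisplayName    = 'Smith, Jane'
$NewDescription    = 'Accounts Payable'

# The built-in Administrator always has RID 500, whatever it is called,
# so look it up by SID instead of by name.
$domain    = Get-ADDomain
$domainSid = $domain.DomainSID.Value
$admin     = Get-ADUser -Identity "$domainSid-500" -Properties Description, DisplayName

Write-Host "Built-in Administrator is currently '$($admin.SamAccountName)' ($($admin.Description))"

# Rename-ADObject only changes the object name (CN). The logon names,
# display name and description are separate attributes; leave any of them
# at the default and the account is still obvious in a user list.
Rename-ADObject -Identity $admin.DistinguishedName -NewName $NewDisplayName
Set-ADUser -Identity $admin.ObjectGUID `
    -SamAccountName    $NewSamAccountName `
    -UserPrincipalName "$NewSamAccountName@$($domain.DNSRoot)" `
    -DisplayName       $NewDisplayName `
    -Description       $NewDescription

# Verify. The SID is unchanged, which is exactly the caveat in the text:
# anyone who can resolve RID 500 still lands on this account.
$check = Get-ADUser -Identity "$domainSid-500" -Properties Description
"{0} -> {1} ({2}), SID {3}" -f $admin.SamAccountName, $check.SamAccountName, $check.Description, $check.SID
```

Run it once on a domain controller or a machine with RSAT installed; the final line prints the old name, the new name and the unchanged SID so you can confirm all three attributes moved together.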
Provide an Administrator Account For Cyber-criminals
If someone gains access to your user list, they will immediately notice that there is no Administrator account, and a little detective work will lead them to the renamed one in short order. One trick that I use is to rename the Guest account to "Administrator" and then ensure that it is disabled. Also give the account a long, random password. Since you never use the account, you do not need to remember the password, so there is no reason for it to be memorable at all.
This provides a low-privilege, disabled account as bait for your would-be attackers. Because it is disabled, every guess against it fails, and an attacker working from the account name alone may spend days on it. That only holds against name-based attacks: the decoy keeps the Guest RID (501), so an attacker who resolves SIDs will see through it. Its real value is as a tripwire. Nobody legitimate ever authenticates as this account, so with failure auditing enabled every logon attempt against it is a signal worth investigating, and that may buy you enough time to track down the attacker and stop him before he can compromise your system.
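Setting up the decoy and watching it, as an added example that is not from the original article: the first part turns the Guest account into a disabled "Administrator" with a random password from the OS CSPRNG; the second part pulls every failed authentication that named the decoy out of the Security log. It assumes the RSAT ActiveDirectory module, Domain Admin rights, and that it is run on a domain controller with failure auditing enabled for Logon, Kerberos Authentication Service and Credential Validation (otherwise the events queried at the end are never written).

```powershell
# Added example (not from the original article). Run on a domain controller
# with the RSAT ActiveDirectory module and Domain Admin rights.
Import-Module ActiveDirectory

$DecoyName = 'Administrator'
$domainSid = (Get-ADDomain).DomainSID.Value

# The built-in Guest always has RID 501; look it up by SID, not by name.
$guest = Get-ADUser -Identity "$domainSid-501"

# 32 random bytes from the OS CSPRNG, base64-encoded: about 43 characters of
# mixed case, digits and symbols. Nobody needs to know it, so nobody does.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$password = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force

# Make it look like the real thing: name, logon name and the default
# description of the genuine Administrator account.
Rename-ADObject -Identity $guest.DistinguishedName -NewName $DecoyName
Set-ADUser -Identity $guest.ObjectGUID `
    -SamAccountName      $DecoyName `
    -Description         'Built-in account for administering the computer/domain' `
    -PasswordNotRequired $false      # Guest has PASSWD_NOTREQD set by default; clear it
Set-ADAccountPassword -Identity $guest.ObjectGUID -Reset -NewPassword $password
Disable-ADAccount     -Identity $guest.ObjectGUID

# Tripwire: no legitimate process authenticates as the decoy, so any attempt
# is suspicious. On a DC the attempts show up as:
#   4625 failed logon (NTLM/interactive against the DC itself)
#   4768 Kerberos TGT request (fails for a disabled account)
#   4771 Kerberos pre-authentication failed (wrong password)
#   4776 NTLM credential validation (pass-through from member servers)
$xpath = "*[System[(EventID=4625 or EventID=4768 or EventID=4771 or EventID=4776)] " +
         "and EventData[Data[@Name='TargetUserName']='$DecoyName']]"

Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 50 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x    = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # Kerberos events carry IpAddress; NTLM events carry a workstation name.
        $source = if ($data['IpAddress']) { $data['IpAddress'] } else { $data['Workstation'] + $data['WorkstationName'] }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventID = $_.Id
            Account = $data['TargetUserName']
            Source  = $source
        }
    } | Format-Table -AutoSize
```

The query half is the piece to keep: schedule it, or feed the same XPath to a collector, and alert on any hit at all rather than on a threshold, since a single attempt against an account nobody uses is already the signal.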
Throw Out the Dictionary
Honestly, how many of you use standard English words in your passwords? Don't! Most attack tools work from dictionary lists of words, and the better ones also try the obvious substitutions ("P@ssw0rd" is still "password" to a cracker), so swapping a few letters for symbols buys very little. By using genuinely complex passwords you greatly increase the amount of time it takes an attacker to gain access to your system. Consider using the C2-level (Orange Book, TCSEC class C2) password requirements as a guide:
- Use a mixture of numbers, letters AND special characters.
- Use upper and lower case letters.
- Create passwords longer than 8 characters.
- Change passwords every 90 days. (Treat this as a ceiling, not a target: current NIST SP 800-63B guidance drops forced rotation in favour of length and screening against lists of known-breached passwords.)
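A checker that applies the rules above, plus the dictionary test with common substitutions that cracking tools use, followed by the domain-wide equivalent of the list, as an added example that is not from the original article. The word list and the sample passwords are constructed for the demonstration; a real check would use a full dictionary or a breached-password list. The policy part assumes the RSAT ActiveDirectory module and Domain Admin rights and is run with -WhatIf so it only reports what it would change.

```powershell
# Added example (not from the original article).
function Test-PasswordStrength {
    param(
        [Parameter(Mandatory)][string]$Password,
        # Constructed sample word list; use a real dictionary in practice.
        [string[]]$Dictionary = @('password', 'welcome', 'summer', 'winter', 'admin', 'letmein', 'company'),
        [int]$MinimumLength = 9   # "longer than 8 characters"
    )
    $problems = @()
    if ($Password.Length -lt $MinimumLength) { $problems += "shorter than $MinimumLength characters" }

    # Count the character classes present: upper, lower, digit, special.
    # -cmatch is case-sensitive; plain -match would count "a" as [A-Z].
    $classes = 0
    foreach ($re in '[A-Z]', '[a-z]', '[0-9]', '[^A-Za-z0-9]') {
        if ($Password -cmatch $re) { $classes++ }
    }
    if ($classes -lt 4) { $problems += "uses only $classes of the 4 character classes" }

    # Undo the usual "leet" substitutions before the dictionary test, the
    # same way a cracking rule set applies them, then drop everything that
    # is not a letter.
    $map  = @{ '@'='a'; '4'='a'; '3'='e'; '0'='o'; '1'='i'; '!'='i'; '$'='s'; '5'='s'; '7'='t' }
    $norm = ($Password.ToCharArray() | ForEach-Object {
                $c = [string]$_
                if ($map.ContainsKey($c)) { $map[$c] } else { $c }
            }) -join ''
    $norm = $norm.ToLower() -replace '[^a-z]', ''
    foreach ($word in $Dictionary) {
        if ($word.Length -ge 4 -and $norm.Contains($word)) { $problems += "contains dictionary word '$word'" }
    }

    [pscustomobject]@{
        Password = $Password
        Strong   = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

# Constructed samples: the first two fail (season+year, substituted dictionary
# word); the last two pass the checks above.
'Summer2024', 'P@ssw0rd!', 'Tr0ub4dor&3', 'c0rrect-Horse-Batt3ry' |
    ForEach-Object { Test-PasswordStrength -Password $_ } |
    Format-Table -AutoSize

# The domain-wide version of the list. ComplexityEnabled is the Windows
# "three of four classes, no part of the user name" rule; the checker above
# is stricter (all four classes plus the dictionary test).
Import-Module ActiveDirectory
Get-ADDefaultDomainPasswordPolicy |
    Format-List MinPasswordLength, ComplexityEnabled, MaxPasswordAge, PasswordHistoryCount, LockoutThreshold

# Remove -WhatIf to apply. 90 days is the article's ceiling for MaxPasswordAge.
Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).DistinguishedName `
    -ComplexityEnabled $true `
    -MinPasswordLength 12 `
    -MaxPasswordAge (New-TimeSpan -Days 90) `
    -PasswordHistoryCount 24 `
    -LockoutThreshold 10 `
    -WhatIf
```

The domain policy enforces complexity and length at password-change time; the dictionary test is the part Windows does not do for you, which is why tools like the function above (or a breached-password filter on the domain controllers) are worth adding alongside it.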
For the perfectly paranoid, add a second factor such as a smart card or biometric authentication like fingerprint recognition. Use it alongside the password rather than instead of it: a fingerprint can be copied but cannot be changed, so it is a poor sole credential but a good second one.