Canonical account
From Wikipedia, the free encyclopedia
A canonical account (or built-in account), in the context of computer software and systems, is an account that is included by default with a program or firmware. Such accounts usually also have a canonical password and may have certain access rights by default.
Because anyone who has a copy of the software, the device or its documentation will likely know of the account, such accounts and their passwords and permissions are usually common knowledge. A common security measure is therefore to change the account's password and to double-check or modify the groups (if any) it is included in, or simply to disable or delete the account if it is not required.
Examples
- Zyxel routers typically have admin as their default firmware administration account and 1234 as the password. The password can and should be changed as soon as possible.
- Microsoft Windows 2000 and XP, and possibly other versions, have an account named Guest by default, which has no password and grants very basic access to the operating system. Even though it is disabled by default, some administrators may choose to activate it, change the password and disable it once more for good measure. This account cannot be deleted.
- Canonical passwords are usually simple and may often be:
  - A simple sequence: 1234, 4321, abcd
  - The same as the account: if the account is bob, the password will also be bob
  - A word relating to the account or software: support, finance, windows
  - Simply password, pass
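
The patterns listed above can be turned into a check that runs when a password is set or changed. This is an added example, not part of the original article; the function names, the `context_words` parameter and the sample inputs are assumptions, and the sequence test is generalized to any ascending or descending run of digits or letters.

```python
# Added example: flag proposed passwords that match the canonical patterns
# described in the list above. All names here are illustrative assumptions.

COMMON_DEFAULTS = {"password", "pass"}  # the "simply password, pass" case


def is_simple_sequence(pw: str, min_len: int = 3) -> bool:
    """True for one ascending or descending run, e.g. 1234, 4321, abcd."""
    s = pw.lower()
    if len(s) < min_len or not s.isascii():
        return False
    if not (s.isdigit() or s.isalpha()):
        return False
    # Every adjacent pair must differ by the same step of +1 or -1.
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def canonical_password_reasons(account: str, password: str, context_words=()):
    """Return the list of canonical patterns the password matches (empty if none)."""
    pw = password.strip().lower()
    reasons = []
    if pw == "":
        reasons.append("empty")  # e.g. a built-in account with no password
    if is_simple_sequence(pw):
        reasons.append("simple sequence")
    if pw == account.strip().lower():
        reasons.append("same as account")
    # context_words: caller-supplied words tied to the account or product.
    if pw in {w.lower() for w in context_words}:
        reasons.append("word relating to account or software")
    if pw in COMMON_DEFAULTS:
        reasons.append("common default word")
    return reasons


if __name__ == "__main__":
    # Constructed sample input: (account, proposed password) pairs.
    words = ["support", "finance", "windows"]
    samples = [("admin", "1234"), ("bob", "bob"), ("helpdesk", "support"),
               ("guest", ""), ("root", "password"), ("alice", "t7#Lq9!vWz")]
    for account, proposed in samples:
        hits = canonical_password_reasons(account, proposed, words)
        print(f"{account:10} {'REJECT: ' + ', '.join(hits) if hits else 'ok'}")
```
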

