Deprecation of Default Password Management Feature in 2025

The Default Password Management feature is targeted for deprecation in 2025. The final date will be confirmed with the November ’24 Release.

Setting a default password for new users is generally not considered a secure or good practice, because of several security risks and potential issues:

  • Security Vulnerability: Default passwords are not secure. Default passwords are often easily guessable or well-known. If not changed promptly by users, they become a significant security vulnerability, allowing unauthorized access to accounts.
  • Predictability: Default passwords tend to follow predictable patterns, making them easy targets for attackers using brute force or dictionary attacks.
  • User Negligence: Users may neglect to change the default password, either due to forgetfulness or lack of awareness, leaving their accounts exposed. Example: If a user logs in through SSO, the "Default Password" stays active forever.
  • Uniformity: If the same default password is used for all new users, a breach in one account can potentially lead to breaches in others. At the portal level, if the portal Default Password is leaked, the portal is at risk of compromise.

Customers should not implement new processes or solutions that use Default Password Management features.

Alternatives to Default Password Management

  • New users can complete the "Forgot Password" process to set a new password before logging in to Cornerstone for the first time.
  • Administrators create a default password and share the password with the individual users (offline process).
  • Implement a Single Sign-On (SSO) solution using a third-party identity provider to manage user accounts.