
Should default passwords always be empty?


I would never advise setting a default password to be empty, especially for an administrator.

As another solution along the same lines, create a generated high-entropy, cryptic (my example is nowhere near cryptic, but it's an example) first-time password so your user will think:

"Wow, f45zaH67 is something I'll never remember, let me go ahead and change that"


Microsoft used a blank default password for the administrative account "sa" for SQL Server. The "sa" account has complete control over the database and can access cmd.exe using xp_cmdshell(). You can log in to the database over port 1433. Worms spread by using the sa account with a blank password, and over the years many databases were hacked. Finally Microsoft addressed the issue by forcing the user to set a password on install.

Never have a default password (especially if it allows remote code execution)


Can't you just force them to change it on first login?

Based on your edit...

I would opt for randomly generating a password or something (as already suggested). The benefit of this is not only should it make the admin change it, but if they don't, you can be sure it ain't gonna be easy to guess. Either way the account will be more secure than it would with a blank password (big no-no).
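Putting the two suggestions from the answers above together (a generated high-entropy first-time password, and forcing a change on first login), here is an added example in Python; it is not code from any of the answers, and the account model, the `must_change_password` flag and the minimum new-password length of 12 are assumptions for illustration. It also shows the "big no-no" being rejected outright: a blank password is never accepted, regardless of what is stored.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass

# 62 symbols, 16 characters: log2(62) * 16 is roughly 95 bits of entropy,
# so the initial password is not guessable even if it is never changed.
ALPHABET = string.ascii_letters + string.digits
PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def generate_initial_password(length: int = 16) -> str:
    """Generate a first-time password from the OS CSPRNG (secrets module)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; never store the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    must_change_password: bool = True  # set on creation, cleared on first change


def create_admin_account(username: str) -> tuple[Account, str]:
    """Create an account with a random initial password; return (account, password).

    The clear-text initial password is returned once so it can be handed to the
    admin out of band; it is not stored anywhere.
    """
    initial = generate_initial_password()
    salt = secrets.token_bytes(16)
    acct = Account(username, salt, _hash_password(initial, salt), must_change_password=True)
    return acct, initial


def authenticate(acct: Account, password: str) -> str:
    """Return 'denied', 'change_required' or 'ok'."""
    if not password:
        # A blank password is rejected before any hashing, even if an
        # empty string were somehow stored as the credential.
        return "denied"
    candidate = _hash_password(password, acct.salt)
    if not hmac.compare_digest(candidate, acct.pw_hash):
        return "denied"
    if acct.must_change_password:
        # Credentials are correct, but the session may do nothing except
        # change the password until the initial one is replaced.
        return "change_required"
    return "ok"


def change_password(acct: Account, old: str, new: str) -> bool:
    """Replace the password; only allowed when the old one verifies."""
    if authenticate(acct, old) == "denied":
        return False
    if len(new) < 12 or new == old:  # assumed minimum policy for the example
        return False
    acct.salt = secrets.token_bytes(16)
    acct.pw_hash = _hash_password(new, acct.salt)
    acct.must_change_password = False
    return True


if __name__ == "__main__":
    acct, initial = create_admin_account("admin")
    print("hand this to the admin once:", initial)
    print("blank login:", authenticate(acct, ""))              # denied
    print("initial login:", authenticate(acct, initial))       # change_required
    change_password(acct, initial, "correct-horse-battery")
    print("after change:", authenticate(acct, "correct-horse-battery"))  # ok
```

The point of returning `change_required` rather than `ok` is that the application can gate every other action on it, which is what "force them to change it on first login" means in practice; the generated password only has to survive until that first session.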