Default credentials are the pre-set usernames and passwords that ship with software, appliances, or demo environments. Vendors may use them to make installation and first login easier, but they are only meant for temporary use. In production, they should be changed immediately and replaced with unique, strong credentials and, where possible, multi-factor authentication.
They matter because attackers routinely scan for services that still accept factory or demo logins. If a web application, admin console, or connected device is exposed to the internet, default credentials can provide instant access without exploiting a code flaw. In attacks, they are often combined with weak network segmentation or unpatched software to reach sensitive data, change settings, or pivot deeper into a system. In defense, removing defaults is one of the fastest ways to reduce risk during deployment reviews and incident response checks.