A method for verifying that default passwords have been changed without causing a security lockout, is provided, including enabling user identifiers associated with a plurality of devices, prior to an initial security test, identifying, a default password for a user identifier of each device, attempting a login to each device using the default password for the user identifier of each device, wherein: in response to determining that the login is successful, raising an alert against the user identifier as a security concern and maintaining an enabled state of the user identifier, in response to determining that the login is unsuccessful, disabling the user identifier so that the user identifier is in a non-enabled state, until a security lockout interval elapses, and retrying the login only for each user identifier in an enabled state during one or more subsequent security tests initiated after a predetermined alert interval.