November 24, 2004

Why Default Passwords Are a Bad Idea

I have never been a supporter of default passwords in a 'manufactured shipping state' piece of hardware. Why? Because most people are either too lazy to change it, or don't even know they need to.

The result? People collect the information and post a single list of default security passwords holding MANY of your favorite vendor products in one place so script kiddies can walk right in.

What could you do about it as a developer? Don't use default passwords. But you need them when shipping for first-time login. Ok, ok. Well, at least force it to a one-time password unique to the machine. In the past I have used a unique seed against the hardware serial of the device, which means a SLIGHT alteration may be needed to the build process of the device. At the manufacturer, you would need to have the serial info, which is normally added at the end, become PART of the software flashing process. I will leave how you would plan that up to you; it is possible though.

Thanks to Foz for pointing out the list. One of these days I will have to post my list of default BIOS passwords.

Posted by SilverStr at November 24, 2004 07:10 AM
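One way to implement the per-device first-login password described in the post, as an added example that is not the author's code. The names `factory_password` and `Device`, the sample seed and serials, and the choice of HMAC-SHA256 for "a seed against the hardware serial" are all assumptions.

```python
import base64
import hashlib
import hmac
import secrets


def factory_password(seed: bytes, serial: str, length: int = 16) -> str:
    """Factory side: derive one device's first-login password from seed + serial."""
    if len(seed) < 16:
        raise ValueError("seed must be at least 128 bits")
    norm = serial.strip().upper().encode("ascii")
    if not norm:
        raise ValueError("empty serial")
    # The seed is the only secret. Serials are usually printed on the label,
    # so a derivation without a secret seed is just another default password.
    digest = hmac.new(seed, b"first-login-v1|" + norm, hashlib.sha256).digest()
    return base64.b32encode(digest).decode("ascii")[:length]  # 80 bits of output


class Device:
    """Device side: the flashed password is accepted only to set a new one."""

    def __init__(self, serial: str, flashed_password: str):
        self.serial = serial
        self._salt = secrets.token_bytes(16)
        self._hash = self._kdf(flashed_password)
        self.must_change = True  # cleared only by change_password()

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, password: str) -> str:
        if not hmac.compare_digest(self._kdf(password), self._hash):
            return "denied"
        return "change-required" if self.must_change else "ok"

    def change_password(self, old: str, new: str) -> bool:
        if self.login(old) == "denied" or new == old or len(new) < 12:
            return False
        self._hash = self._kdf(new)
        self.must_change = False
        return True


SEED = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample seed
```

The flashing step would call `factory_password` once per unit with the serial it is about to write, so the seed itself never has to leave the factory.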

As long as it's done in such a way that, if the password becomes unknown for whatever reason, it can be reset without having to contact the manufacturer, then great. As you mentioned, MAC addresses are great for this.

It really sucks to be doing an emergency equipment swap/install at some awful hour, and not to be able to configure the device even though you have physical access and the online documentation for it.

An alternative to a unique factory default password might be as simple as having the device shut itself down within 10 minutes of boot, unless the password has been changed. Or, disable some other piece of functionality in such a way that it FORCES the administrator to update the password.

Security needs to be intuitive and stay out of the way.

Posted by: Wim at November 24, 2004 07:44 PM