Thursday, September 23, 2004

Default login and password for network devices

Came across this list of the default usernames and password assigned to network devices like routers, gateways, switches etc.

I have always wondered, why do device manufacturers put in the same default password for all the units of a particular product. Eg, all Netgear MR814 routers would have the same password - "password". Isnt it possible for manufacturers to generate a different password on every router and then they could add a password sticker either in the casing or on the manual. Is it really that difficult? With consumers lapping up wifi routers, we need to atleast have the basic password security taken care of. No amount of encryption strength can save you, if you have a weak or default password.

Needless to say, you should change the password (and if possible also the username) of any network device as soon as you install it. At the bare minimum, the password should be alphanumeric and atleast 8 characters long. For corporates, enterprises and businesses the network devices need to have stricter password rules.

I agree that people need to be more proactive with their networks. My question is, why is it the manufacturer's responsibility to protect people from their own lazyness? Sure setting up a Cisco 3500 series router takes a little know how. But with the simple straight forward web interfaces on most consumer networking equipment, there should be no reason for the user to change the password themself.
People just dont bother/fiddle with a device if it works right out of the box. You'll be surprised to know that a lot of people dont even change their SSID. They just leave the default in there.

I still think it is the manufacturer's responsibility to make the user change the password on the first boot-up or install.
Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?

Copyright Anand Jain 2004, 2005. All rights reserved.