Amazon Doorbell Snitches

Simples after a "factory reset" the first thing it asks you to do is enter a password for the default "administrator" user or better still a username and a password to create the admin user with no defaults.

Reply to
Dave Liquorice

No more FIELD/SERVICE for those DEC engineers, eh? What will they do.

Reply to
Tim Streater

It's typically something you can only find printed on a slip of paper inside the package, or on a sticker / card etc on the device itself.

Not something you can see outside the box, or via interrogation over a network.

Reply to
John Rumm

Or the last 6 characters of the device's MAC address.

Serial numbers are on the packaging. MAC addresses tend to only be on a label on the device.

Serial numbers tend not to be, of the web accessible APs, switches, routers here only one shows a "Device ID". They all show the [soft|firm|hard]ware version and of course the MACs of any ethernet ports.

Reply to
Dave Liquorice

That doesn't bode well for Amazon Sidewalk which it is starting to roll out.

Sidewalk is a mesh network in which your device connects to your neighbour's device and so on. This could be a honeypot for hackers.

Reply to
Pamela

You could make the password anything you like, but I can't see any real benefit to it matching the unit's s/n or MAC.

The key thing however is that it's different on every unit and not guessable. That is an immediate step change in overall security for the huge swathe of population who don't change default passwords.

Reply to
John Rumm

Both are something the manufacturing process knows or, in the case of the MAC can be found out from the device on the production line for the label to be printed and stuck on automagically. A random unique string (which to all intents and purposes the last 6 characters of a MAC address is) would have to have some separate non-volatile storage allocated for it and have to be programmed into the device. The MAC is "just there"...

How long would it take to guess the last 6 characters of a MAC address?

Be far better to force a password for the admin account to be entered after a factory reset before you can do anything else. The device then restarts and presents the login screen. Some rudimentary "strength" checking, like must contain upper/lowercase, number(s), symbol(s) and be at least 6 characters long could also be applied.

Reply to
Dave Liquorice

the same way all laws work

but cutting off the bollocks of transgressors

Reply to
tim...

MAC addrs are usually just part of the config stored in an EEPROM nowadays.

Reply to
Andy Burns

Much like the law that requires most consumer electrical goods sold to the UK to have a UK plug. That never provided perfect consumer protection; and with the advent of online shopping and cheap goods direct from overseas it's even less perfect. But the price of perfection is often prohibitive. Perfection may be possible one day - eg when Amazon has a monopoly on retail sales or[1] SkyNet 2.0 is running. But in the meantime I don't see why the best should be the enemy of the good.

[1] you can replace "or" by "and" if you wish :)
Reply to
Robin

Plus age, and speed of getting to the door. :-)

Reply to
Andrew

Erm, actually 6 digits of a MAC address has a *significantly* smaller number space than 6 digits of pretty much any other alphanumeric password.

6 digits of MAC address gives 12,777,215 possible unique values. 6 digits of alphanumeric (even if you limit it to just a..z, A..Z, 0..9 and no symbols) gives you: 47,672,401,706,823,533,450,263,330,816 possible unique values - which is 21 orders of magnitude more.

The MAC can be changed on most NICs these days.

If you could make 1000 guesses per second, <= 47 hours.

If you want to massively increase your customer support costs maybe - since you will get lots and lots of people who type in anything to get past the prompt, and then promptly forget it and so can't get back into the management interface later.

Much better to have a secure password in the first place and have it written on the side of the box. So it's secure by default for the majority that will never log in to the management page (or even realise such a thing is possible). That does not stop more security conscious folk (or those in business settings where more people will be able to look at the label) changing it if they want.

There are some vendors of kit that do insist you change the default (secure printed on the case) password when you log in the first time. Some of the Virgin routers do that... I find it can be a bit counter productive with some customers, since the one thing I am confident that they are unlikely to ever lose is the router itself. If forced to change the password, then there is no guarantee they won't lose it, and then next time can't refer to the label to get back in.

Reply to
John Rumm
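
An added example, not part of any post in this thread: the default-credential schemes discussed above compared by keyspace, entropy and worst-case time to exhaust at the 1000 guesses per second mentioned, together with a per-unit random password of the kind that could be printed on a label. The label alphabet, the 12-character length and all function names are assumptions made for the illustration.

```python
import math
import secrets

# Assumed label-friendly alphabet: look-alike characters (0/O, 1/l/I) left out
# so a password printed on a sticker can be read back reliably.
LABEL_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789"


def keyspace(alphabet_size, length):
    """Number of distinct passwords of this length over this alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Entropy in bits, assuming every character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def hours_to_exhaust(space, guesses_per_second):
    """Worst-case hours to try every value at a fixed guessing rate."""
    return space / guesses_per_second / 3600


def factory_password(length=12):
    """Per-unit default password drawn from the OS CSPRNG at provisioning time."""
    return "".join(secrets.choice(LABEL_ALPHABET) for _ in range(length))


def compare(rate=1000):
    """Return {scheme: (keyspace, bits, worst-case hours)} for the schemes discussed."""
    schemes = {
        "last 6 hex characters of the MAC": (16, 6),
        "6 characters from a-z, A-Z, 0-9": (62, 6),
        "12 random label characters": (len(LABEL_ALPHABET), 12),
    }
    result = {}
    for name, (size, length) in schemes.items():
        space = keyspace(size, length)
        result[name] = (space, round(entropy_bits(size, length), 1),
                        hours_to_exhaust(space, rate))
    return result


if __name__ == "__main__":
    for name, (space, bits, hours) in compare().items():
        print(f"{name:35} {space:>24,} values {bits:5.1f} bits {hours:,.1f} h")
    print("sample label password:", factory_password())
```

The hex scheme also assumes the MAC suffix is secret, which it is not once the device is on a network; the random scheme has no such dependency.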

That sounds even more problematic than having it set to "admin" or "password"! Now the first time someone other than the owner[1] accesses the page they set a password, locking out the owner. At least with a dumb default they are not actually forced to lock out everyone else.

[1] e.g. kids taking control of the family router etc.
Reply to
John Rumm

Reminds me of the guy who couldn't afford a car.

The dealer said he did have one he could sell him for £100, but it had no doors........

How would I get in??

Reply to
Chris Holmes

There have been numerous cars, vans & trucks with no doors. In most cases, just climb on. Occasionally there were other methods of entry.

NT

Reply to
Nick Cat
