Forgotten passwords has become a major industry topic.
For example, Hikvision has been emailing admin passwords in plain text until IPVM's reporting prompted them to stop it.
And XiongMai, famous for its role in 2016's massive Mirai botnet attacks, allows mass emailing master password lists, like so:
Dahua and Hikvision still send out passwords, even after Hikvision's previous tool was cracked.
How Big A Problem Is This?
The great lengths that these companies go clearly implies that some people are having significant problems with forgotten passwords.
But how big of a problem is it overall?
150 integrators responded to IPVM's survey question:
How significant of a problem is your customers forgetting their recorder's password? What do you typically do when it happens?
In this report we examine the problem of lost admin passwords, how integrators manage this problem, and why manufacturer support for recoverable admin passwords is poor design.