Forgotten Password Problem Importance (Statistics)

Author: Michael Budalich, Published on Sep 15, 2017

Forgotten passwords has become a major industry topic.

For example, Hikvision has been emailing admin passwords in plain text until IPVM's reporting prompted them to stop it.

And XiongMai, famous for its role in 2016's massive Mirai botnet attacks, allows mass emailing master password lists, like so:

Dahua and Hikvision still send out passwords, even after Hikvision's previous tool was cracked.

How Big A Problem Is This?

The great lengths that these companies go clearly implies that some people are having significant problems with forgotten passwords.

But how big of a problem is it overall?

150 integrators responded to IPVM's survey question:

How significant of a problem is your customers forgetting their recorder's password? What do you typically do when it happens?

In this report we examine the problem of lost admin passwords, how integrators manage this problem, and why manufacturer support for recoverable admin passwords is poor design.

********* ********* *** ****** * ***** ******** *****.

*** *******,********* *** **** ******** ***** ********* ** ***** ********* ****'* ********* ******** **** ** **** **.

***********, ****** *** *** **** ** ****'* ******* ***** *************, ********** ******** ****** ******** *****, **** **:

***** *** ********* ***** **** *** *********, **** **************'* ******** **** *** *******.

How *** * ******* ** ****?

*** ***** ******* **** ***** ********* ** ******* ******* **** some ****** *** ****** *********** ******** **** ********* *********.

*** *** *** ** * ******* ** ** *******?

*** *********** ********* ** ****'* ****** ********:

*** *********** ** * ******* ** **** ********* ********** ***** recorder's ********? **** ** *** ********* ** **** ** *******?

** **** ****** ** ******* *** ******* ** **** ***** passwords, *** *********** ****** **** *******, *** *** ************ ******* for *********** ***** ********* ** **** ******.

[***************]

Lost ********* ****** ****** ***********

*********** ******* ***** ********* ********* ** ** *************:

**** **** **** **** *** **** **** ********* ***** ****** passwords, *** **** *********** ********** ****, *** ****** *** ******* in *******, ** ********* ***** ****. *** *** **** ****** approaches **** ***** ****** ********, ** *********** **** ***********.

Solved **** ****** *******

*** **** ****** ******** (~**% ** *********** ****** ******* **** significant) ** ******** **** ********* *** ** ******** * ****** account, ** ******** *** ** *** ***** *******. ******* ** giving ***** ***** ******, **** ******* ***** **** ***** *** accounts. **** ******* *** *********** ** ***** **** ***** ******** and ***** *** ********** ***** ********.

  • "*** * **** ******* ** ** ******* **** *** ************* password ***** ** ** *** ****** *** **** *** ***** their ********. ** ****** *******, *** **** ** **** ** is *** **** ********* **** *** ****."
  • "** ** *** * *********** ******* *** ** **** ** do ****** ******* ******* * ***** *** ** ****** **** in ******* ******* (** *********** ** ***** ** ** **** little). **** * *** ********** *** ***** ********** ******* ***** managed **********, ** ******* **** *** *** ***** *******."
  • "**** **** *** ****** **** *****, *** **** ** **** it ** *** *** ******* *************. * ***** ** ** because **** ***'* *** ** ***** **** **** **. ***** are *** **** ***** ** ***'* **** ****** ****** **, so ** **** ****** ** *** ***** *** ********. **** places *** **** **** ** **** ****** ****** ***** **** our *** ******** *** ******** **** ***** ******."
  • "****** ********. ** ******** *** ********* ** **** ** ******* so ** **** ****** ***-** *** ******/****** ***** ******** ** work **** *** ************ **** ******* ** ***** *** **** as * ***** **** ********."
  • "** ****** ****** ** ***** **** **** ***** ****** *** solving ***** ******** ******** *****."
  • "** ** *** **** *** ***** ******** ****. ** ****** remotely ****** *** ******** ** ******."
  • "** ****** **** * ****** ** ************** ******** ********* ******** recovery ** *** ******* ** ******. ** ******** * ****** internal ******** ****** ** ****** *** ******* ** * ******* system ********* ****** *********, ********** ********* *** ************** *********."
  • "** ****** **** * ******** ***** ******** ** ** *** change ****** ** ******. **** ** *** ******** ** ** Admin ** **** **** ********."
  • "*** *****, *** **'* * *** ******* **** ** ****. We ********* **** *** *** ***** ********, ********* ************ ****** or **** **** (** *** :*)"
  • "** ********* ***'* **** **** ***** ** ** ****** * login *** **** *** *** *** ** **** *** ** can ****** *** **** *** ******. ********* ****** **** ** have *** ****** **** ** ** **** ** ******* *** system."
  • "** **** * ****** ** *** ********* ** ***** ***** password ** ******** ****** ************ *********. ** **** ******** ** admin ***** ***** ******* ** *** *****. ** ******** ******* most ***** *** ** **** **** **** **** *** ****** it ******* * *********** **** ** **** *** ********** *** recovery."
  • "*** ********* ****** ******. ** **** ** ** **** * password *** *** ***** ***** ******** **** *********."
  • "********* ***** ** ********** ******** ***** ***** *** ******** ** the ********. **** ****** ** ** ****** ***** ********."
  • "*** ******* ** ***** **** ** ** ********* **** ** install ******* ** *** ** * ******** ***** ******* *** our *******"

Solved **** *************

*** ***** ****** ********, ~**% ** ***** *** **** **** passwords **** *** * *********** *****, *** ** **** ************* of *********, ** **** ********* ***** ** ******** **** ***** password ***.

  • "** **** *** *** ******** ** *** ** *** *** customer ******* *** ****** ******."
  • "******* ** **** ** *** *******. **** **** *** ******** we ******** ** *** **** ** *********."
  • "*********... ** **** ** *** **** **** ******* ** *** installations ** * ******* ******** **** ** **** ***...*** **** can **** **** ********"
  • "**** ************ ****** *** **** **. ** *** ** **** a ******** ****** ** *** *****."
  • "*** * ****** *******. ** ** ******* **** * ****** of ******* ******** ** **** ** **** ** ****** **** they ****."
  • "** **** * ****** ** *** *********, ** *****'* ****** often ******."
  • "* ***'* ******** * ****** ********. ** ****** ******** *** credentials"
  • "*** *******. * ****** *** ************, **** **** *** ********** works *** ***** *** * ***** **** *** *** ******* of *** ******. * **** **** **** **** *********** *** login *********** *** ********* *** ** **** ** * **** place. ****** * **** ****** ******** ******* ***** ***** *********** and ***** *** ***** **** *** *** **** ** *** system. ***********, * ******** ********** *** *** **** **** **** this *******."

Rarely *******

*** **** ***********, ********* ********* *** * **** **********. **** may ** *** ** ******* **** *** ****** *********, ** other ************** ******* **** ****** ********* ************, ***** ********* ********* would ****** ** ******* ** *** ********* ** **********, ******* of *** **********.

  • "*** ***** ** ***. *** **** **** **, **'* * service ****. ** *** *** ******** ** ******* ********** *********** subscriptions ***** *** ******* ** ****** **** **** ********** ** the ***** ******."
  • "*% ****, ** **** *** *** ****** ******** ****** *** high ******* ******* ***** **** ** *** ***** ****."
  • "*** *********** ** *** ******* ****** **** *** ****** **** on ***** *******. ***** ******* *** ******* ******** *********, ** we ******* *** ****** ** ** **** ** **** *** in."
  • "** *** *** **** * *********** *****."
  • "*** ********* ****** ******. ** **** ** ** **** * password *** *** ***** ***** ******** **** *********."
  • "*** ***********; ** *** * ********* ******** ** **** *******, and **** ********* ** *** ****** **."
  • "*************. ****** *** ************* *** ********** **** ******* ****** *********."
  • "*** ***** *** **** ** **** ** ****** ** ********* it *** ****."

Significant ******* *********

*********** *** **** **** ********* ** * *********** ******* ***** relied ** ************ ******* ** ***** ** ***** **** ******** problems:

  • "**** ******. ** **** ** ************* ** **** **** **** of ******** *******. * **** ***** ********** * ******* ********** where ** *** ********** **** *** *** ***** ******** ** we *** ****** ****** *** *********, *** **** ********* ** not **** **** ****."
  • "*****. ** **** ***** * *** ** ****** **** ** their ****** ***** **** ******** ************* *** ****** ** *** be ******** **** **** ** ****."
  • "*** *** ************ *******"
  • "**** ***********, ** **** *********** ** **** *** ** ** automatically ****** *** ******** *** ***** *** **** **** *** password."
  • "***********, ** **** ****** *** *** *****. *** **** ***** and ********* *** ******** ** **** ** ************. ******* ******** with ************* *** **** ** ****. ** *** ******* ** customer *****, ********* **** ** *** *********. ****** ****** ****** typically ******* **** *********."
  • "**** **** ****** ** ***** *** ******* **** ***** ** document *** ********. **** ** ***** ****** *** ******** *** decided ** ****** ** ** ***** ***. ** **** **** we ******* *** *** ************ *** ********** ** * ******** reset."
  • "****** ******** **.* ** *** **** ******* *** *** ***** day. ** *** * **** *********. *** **** ******** ** just **** **** ** *** ****** ******** *** **** *** setup * *** ******** *** ***** ***** *******. "

Backup ***** ******* **** ****** ********

*********** ******** *****/*****-***** ******** *** ******** ******** ** * ********* accepted ****-********. ******* **** *********** (** ***** ********* ****) ** backup ************* ***** *** **** ** ********** ********** ** **** information, *** ** ********* *** * *********** ********. ** * minimum, *********** ****** **** *** ****** ** ********* **** * strong ***, *** *** **** ** ********-********** *******.

Manufacturer ******** ******** ******* ***********

******** ******** '********', **** ** ***********'* ****-**** ******** ********, ******** ******** *****, ****** ***** ** ******** **** ** ******. * ***** percentage ** *********** ********** ****-********* ** ******** ********* ***** ******** to ****** **** **** **** *********, *** ********** ************ ********* on **** ***** **** ****** *** ******* *******. ************* **** provide *****/******** ** ******* **** ***** ********* ** ** ** the ******* ** *** ******* ******** ** ***** *******, *** by *********, ***** *****. ***********, ** *****, **** *** ********* about *** ***** ******** ** ***** ******* ****** ******** ************* on *** ********* ** ******** ******** *********/*******, *** **** ******* consideration ** ***** ******** **** ***** ****.

Comments (10)

Alex Hackworth

09/15/17 01:34pm

***** *** ** *** ********* ***** ** ******** ******, *********, and *** ********* *** ** *** ********** *** ******** ******* that **** *** ******* ** **** *** ** *** ******* in *** *****. **** ****** **** *** *********** **** **** implemented **** *******?

Thumbnail 13391423 10154199592809754 9133287598977875009 o

Joshua Hendricks

Milestone Systems | In reply to Alex Hackworth | 09/17/17 09:14pm

*'* * *** *** ** ******** *** ******** ***, *** I ***** ****** *** ***** ** *** ******* ************* ** customer ********* ********* ** ** **********. **'* ***** ***** *** supports * ****** **************, *** *** *** ***** ********* ******* accounts ** ******.

******* ** * ***** ******* *********** ***, **** **** **** to **** * ******!

Thumbnail 395fbc4

Ricardo Souza

IndigoVision Ltd | IPVMU Certified | In reply to Joshua Hendricks | 09/18/17 01:38pm

* ******* ***** ******** ***** **'* ********* *** ***** ** KeePass ***** *** ***** **** *** **** **** ***** **** since.

******** *** **** ****** ******** ***** ** ******** ******** ******** already =(

Undisclosed Integrator #1

09/15/17 07:18pm

**

**** ** *** ******* *** * ******** *** **** ****** database **** **, ***** *** ******** **** *******...*** ********* **** we *** ***** ******, **** **********, *** *** **** ********* security ***** ****** *** ********

Undisclosed Manufacturer #2

09/16/17 08:10pm

* *** * ******** ********* "*******" *********, ****** ** *******.

*** ******* *****'* *** **** **** ***** *** ****** *** database ******** **** ***** *******, ***** *.*. "***************". * ***** there *** **** *** *** ***. *** ******* ** *** supported ****.

** ***** *** ** ☺️

Deepak C Shankar

eSecProfession | 09/18/17 03:45am

****** ********* ******** *** ***** * ********* ******, *** ***** forget ******** ****** **** **** /**** **** ********,****** * **** (example: **-******-********************************-************.*** ) *** **** **** ** ***** ********* ******* team, **** **** ****** *** **** ***** **** (*******:**********.***). ****** this *** ***** *** *******. ** ******** *****.

Thumbnail 395fbc4

Ricardo Souza

IndigoVision Ltd | IPVMU Certified | 09/18/17 01:37pm

* ***** ********* *** ** ***** *** **** **********/********** ******** Management *********, **** *** *** **** *** ** ****** *******, etc...

********:

  • ****
  • *******
  • ********
  • ******

Undisclosed Manufacturer #3

09/18/17 03:36pm

*** ***** ** *** ****** ** *** ********, *****?

********. *** *** ******* ***** **** ****** ** *** **** physical ****** ** *** *******.

********. *** *** ******* ******** ******** ** *** **** "*************" type ****** ** *** **. *******: ****://*************.*****.***/*****-*******-********-********-******-*****.****

**, *** ** *** ******** *********** ****** "****** ********" ( I ****** ***** *** **** ******** *** ***** ********) ** save ********* ** ****** **** *****?

*** *** ****, **** ******** **** *** ***** ** ******* admin ******** ****** ** ***** ********?

*'* *** ** *** ************:-) ** ***** ** ******* ***** password **(*** **** **) *** **** ***** ****** ** *** machine **. ***, ** *** **** **, *** *********** *** do ******** ******... *** ** ***** ** *****?

Undisclosed Manufacturer #2

In reply to Undisclosed Manufacturer #3 | 09/18/17 03:48pm

* ***** **** ***. ** *** **** **** ****** ** the *******, *** *** ** **********.

*** ** **** ***** (*.*. ******** ***** ***** ***/***), *** have ** ****** ** *** ****** ***** (***** **** *** manufacturer ******* ***** **-********), ** **** **** *** **** ****** accounts ** * **** ******** ******* ** ******* **** ********* on *** *****.

Undisclosed Manufacturer #3

In reply to Undisclosed Manufacturer #2 | 09/18/17 03:53pm

* ***** ********** ** ***** ******* *** ****** *** ***/***.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Favorite Biometrics 2018 on Apr 23, 2018
Biometrics are on the rise, or at least integrator opposition to them is declining, according to new IPVM integrator statistics.   Almost half of...
Dedicated Vs Converged Access Control Networks (Statistics) on Apr 20, 2018
Running one's access control system on a converged network, with one's computers and phones, can save money. On the other hand, hand, doing so can...
Security Camera Cleaning Frequency Statistics on Apr 18, 2018
150+ integrators told IPVM how often they clean cameras on customer's sites and why.  Inside we examine their answers and break down feedback...
Worst Access Control 2018 on Apr 18, 2018
Three access control providers stood out as providing the most problems for integrators. In this report, we analyze the answers to: "In the...
Strong ISC West 2018, Says Manufacturers, GSX / ASIS Expected Weaker on Apr 17, 2018
Manufacturers say ISC West 2018 was strong, continuing the trend we have seen in 2017 results and 2016 results. However, those same 100...
Best and Worst ISC West 2018 on Apr 16, 2018
ISC West 2018 had strong attendance, modest overall new products, and a surge in Artificial Intelligence marketing. First, here are 20+...
GDPR For Video Surveillance Guide on Apr 12, 2018
The European Union’s General Data Protection Regulation (GDPR) comes into force on May 25, but there is much confusion and no clear guidelines on...
Average Access Control Project Size 2018 on Apr 10, 2018
  The most common access control project size is 5 - 16 doors per project. This 2018 result mirrors previous statistics, most recently in 2016...
Favorite Video Analytic Manufacturers 2018 on Apr 02, 2018
Video analytics is one of the biggest trends in 2018, driven by marketing for Artificial Intelligence and Deep Learning. But what do integrators...
Stats: Disclosing Vulnerabilities Responsibility? Researcher or Manufacturer on Mar 30, 2018
Getting prompt and appropriate information on vulnerabilities is important for integrators and end users to ensure that their systems are best...

Most Recent Industry Reports

Chinese Manufacturer Kickstarter Campaign Huge Success (EverCam) on Apr 23, 2018
In a week, a Chinese manufacturer's expertly done Kickstarter campaign has received $1.4 million in pledges, an incredible amount for a video...
Favorite Biometrics 2018 on Apr 23, 2018
Biometrics are on the rise, or at least integrator opposition to them is declining, according to new IPVM integrator statistics.   Almost half of...
Dahua and Hikvision Win Over $1 Billion In Government-Backed Projects In Xinjiang on Apr 23, 2018
Dahua and Hikvision have won well over $1 billion worth of government-backed surveillance projects in China’s restive Xinjiang province since 2016,...
May 2018 Camera Course on Apr 20, 2018
Save $50 on early registration until this Thursday, the 26th. Register now (save $50) for the Spring 2018 Camera Course This is the only...
Global Real-Time Video Surveillance - EarthNow on Apr 20, 2018
A new company, EarthNow, with backing from Bill Gates, Airbus and more, is claiming that: Users will be able to see places on Earth with a delay...
Dedicated Vs Converged Access Control Networks (Statistics) on Apr 20, 2018
Running one's access control system on a converged network, with one's computers and phones, can save money. On the other hand, hand, doing so can...
April 2018 IP Networking Course on Apr 19, 2018
This is the last chance to register for our IP Networking course. Register now. NEW - 2 sessions per class, 'day' and 'night' to give you double...
Rare Video Surveillance Fundraising - Verkada $15 Million on Apr 19, 2018
Fundraising in video surveillance (and the broader physical security market) has been poor recently. Highlights are few and far in between...
'Best In Show' Fails on Apr 19, 2018
ISC West's "Best In Show" has failed. For more than a decade, it has become increasingly irrelevant as the selections exhibit a cartoon level...
Security Camera Cleaning Frequency Statistics on Apr 18, 2018
150+ integrators told IPVM how often they clean cameras on customer's sites and why.  Inside we examine their answers and break down feedback...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact