Forgotten Password Problem Importance (Statistics)

Author: Michael Budalich, Published on Sep 15, 2017

Forgotten passwords has become a major industry topic.

For example, Hikvision has been emailing admin passwords in plain text until IPVM's reporting prompted them to stop it.

And XiongMai, famous for its role in 2016's massive Mirai botnet attacks, allows mass emailing master password lists, like so:

Dahua and Hikvision still send out passwords, even after Hikvision's previous tool was cracked.

How Big A Problem Is This?

The great lengths that these companies go clearly implies that some people are having significant problems with forgotten passwords.

But how big of a problem is it overall?

150 integrators responded to IPVM's survey question:

How significant of a problem is your customers forgetting their recorder's password? What do you typically do when it happens?

In this report we examine the problem of lost admin passwords, how integrators manage this problem, and why manufacturer support for recoverable admin passwords is poor design.

********* ********* *** ****** * ***** ******** *****.

*** *******,********* *** **** ******** ***** ********* ** ***** ********* ****'* ********* ******** **** ** **** **.

***********, ****** *** *** **** ** ****'* ******* ***** *************, ********** ******** ****** ******** *****, **** **:

***** *** ********* ***** **** *** *********, **** **************'* ******** **** *** *******.

How *** * ******* ** ****?

*** ***** ******* **** ***** ********* ** ******* ******* **** some ****** *** ****** *********** ******** **** ********* *********.

*** *** *** ** * ******* ** ** *******?

*** *********** ********* ** ****'* ****** ********:

*** *********** ** * ******* ** **** ********* ********** ***** recorder's ********? **** ** *** ********* ** **** ** *******?

** **** ****** ** ******* *** ******* ** **** ***** passwords, *** *********** ****** **** *******, *** *** ************ ******* for *********** ***** ********* ** **** ******.

[***************]

Lost ********* ****** ****** ***********

*********** ******* ***** ********* ********* ** ** *************:

**** **** **** **** *** **** **** ********* ***** ****** passwords, *** **** *********** ********** ****, *** ****** *** ******* in *******, ** ********* ***** ****. *** *** **** ****** approaches **** ***** ****** ********, ** *********** **** ***********.

Solved **** ****** *******

*** **** ****** ******** (~**% ** *********** ****** ******* **** significant) ** ******** **** ********* *** ** ******** * ****** account, ** ******** *** ** *** ***** *******. ******* ** giving ***** ***** ******, **** ******* ***** **** ***** *** accounts. **** ******* *** *********** ** ***** **** ***** ******** and ***** *** ********** ***** ********.

  • "*** * **** ******* ** ** ******* **** *** ************* password ***** ** ** *** ****** *** **** *** ***** their ********. ** ****** *******, *** **** ** **** ** is *** **** ********* **** *** ****."
  • "** ** *** * *********** ******* *** ** **** ** do ****** ******* ******* * ***** *** ** ****** **** in ******* ******* (** *********** ** ***** ** ** **** little). **** * *** ********** *** ***** ********** ******* ***** managed **********, ** ******* **** *** *** ***** *******."
  • "**** **** *** ****** **** *****, *** **** ** **** it ** *** *** ******* *************. * ***** ** ** because **** ***'* *** ** ***** **** **** **. ***** are *** **** ***** ** ***'* **** ****** ****** **, so ** **** ****** ** *** ***** *** ********. **** places *** **** **** ** **** ****** ****** ***** **** our *** ******** *** ******** **** ***** ******."
  • "****** ********. ** ******** *** ********* ** **** ** ******* so ** **** ****** ***-** *** ******/****** ***** ******** ** work **** *** ************ **** ******* ** ***** *** **** as * ***** **** ********."
  • "** ****** ****** ** ***** **** **** ***** ****** *** solving ***** ******** ******** *****."
  • "** ** *** **** *** ***** ******** ****. ** ****** remotely ****** *** ******** ** ******."
  • "** ****** **** * ****** ** ************** ******** ********* ******** recovery ** *** ******* ** ******. ** ******** * ****** internal ******** ****** ** ****** *** ******* ** * ******* system ********* ****** *********, ********** ********* *** ************** *********."
  • "** ****** **** * ******** ***** ******** ** ** *** change ****** ** ******. **** ** *** ******** ** ** Admin ** **** **** ********."
  • "*** *****, *** **'* * *** ******* **** ** ****. We ********* **** *** *** ***** ********, ********* ************ ****** or **** **** (** *** :*)"
  • "** ********* ***'* **** **** ***** ** ** ****** * login *** **** *** *** *** ** **** *** ** can ****** *** **** *** ******. ********* ****** **** ** have *** ****** **** ** ** **** ** ******* *** system."
  • "** **** * ****** ** *** ********* ** ***** ***** password ** ******** ****** ************ *********. ** **** ******** ** admin ***** ***** ******* ** *** *****. ** ******** ******* most ***** *** ** **** **** **** **** *** ****** it ******* * *********** **** ** **** *** ********** *** recovery."
  • "*** ********* ****** ******. ** **** ** ** **** * password *** *** ***** ***** ******** **** *********."
  • "********* ***** ** ********** ******** ***** ***** *** ******** ** the ********. **** ****** ** ** ****** ***** ********."
  • "*** ******* ** ***** **** ** ** ********* **** ** install ******* ** *** ** * ******** ***** ******* *** our *******"

Solved **** *************

*** ***** ****** ********, ~**% ** ***** *** **** **** passwords **** *** * *********** *****, *** ** **** ************* of *********, ** **** ********* ***** ** ******** **** ***** password ***.

  • "** **** *** *** ******** ** *** ** *** *** customer ******* *** ****** ******."
  • "******* ** **** ** *** *******. **** **** *** ******** we ******** ** *** **** ** *********."
  • "*********... ** **** ** *** **** **** ******* ** *** installations ** * ******* ******** **** ** **** ***...*** **** can **** **** ********"
  • "**** ************ ****** *** **** **. ** *** ** **** a ******** ****** ** *** *****."
  • "*** * ****** *******. ** ** ******* **** * ****** of ******* ******** ** **** ** **** ** ****** **** they ****."
  • "** **** * ****** ** *** *********, ** *****'* ****** often ******."
  • "* ***'* ******** * ****** ********. ** ****** ******** *** credentials"
  • "*** *******. * ****** *** ************, **** **** *** ********** works *** ***** *** * ***** **** *** *** ******* of *** ******. * **** **** **** **** *********** *** login *********** *** ********* *** ** **** ** * **** place. ****** * **** ****** ******** ******* ***** ***** *********** and ***** *** ***** **** *** *** **** ** *** system. ***********, * ******** ********** *** *** **** **** **** this *******."

Rarely *******

*** **** ***********, ********* ********* *** * **** **********. **** may ** *** ** ******* **** *** ****** *********, ** other ************** ******* **** ****** ********* ************, ***** ********* ********* would ****** ** ******* ** *** ********* ** **********, ******* of *** **********.

  • "*** ***** ** ***. *** **** **** **, **'* * service ****. ** *** *** ******** ** ******* ********** *********** subscriptions ***** *** ******* ** ****** **** **** ********** ** the ***** ******."
  • "*% ****, ** **** *** *** ****** ******** ****** *** high ******* ******* ***** **** ** *** ***** ****."
  • "*** *********** ** *** ******* ****** **** *** ****** **** on ***** *******. ***** ******* *** ******* ******** *********, ** we ******* *** ****** ** ** **** ** **** *** in."
  • "** *** *** **** * *********** *****."
  • "*** ********* ****** ******. ** **** ** ** **** * password *** *** ***** ***** ******** **** *********."
  • "*** ***********; ** *** * ********* ******** ** **** *******, and **** ********* ** *** ****** **."
  • "*************. ****** *** ************* *** ********** **** ******* ****** *********."
  • "*** ***** *** **** ** **** ** ****** ** ********* it *** ****."

Significant ******* *********

*********** *** **** **** ********* ** * *********** ******* ***** relied ** ************ ******* ** ***** ** ***** **** ******** problems:

  • "**** ******. ** **** ** ************* ** **** **** **** of ******** *******. * **** ***** ********** * ******* ********** where ** *** ********** **** *** *** ***** ******** ** we *** ****** ****** *** *********, *** **** ********* ** not **** **** ****."
  • "*****. ** **** ***** * *** ** ****** **** ** their ****** ***** **** ******** ************* *** ****** ** *** be ******** **** **** ** ****."
  • "*** *** ************ *******"
  • "**** ***********, ** **** *********** ** **** *** ** ** automatically ****** *** ******** *** ***** *** **** **** *** password."
  • "***********, ** **** ****** *** *** *****. *** **** ***** and ********* *** ******** ** **** ** ************. ******* ******** with ************* *** **** ** ****. ** *** ******* ** customer *****, ********* **** ** *** *********. ****** ****** ****** typically ******* **** *********."
  • "**** **** ****** ** ***** *** ******* **** ***** ** document *** ********. **** ** ***** ****** *** ******** *** decided ** ****** ** ** ***** ***. ** **** **** we ******* *** *** ************ *** ********** ** * ******** reset."
  • "****** ******** **.* ** *** **** ******* *** *** ***** day. ** *** * **** *********. *** **** ******** ** just **** **** ** *** ****** ******** *** **** *** setup * *** ******** *** ***** ***** *******. "

Backup ***** ******* **** ****** ********

*********** ******** *****/*****-***** ******** *** ******** ******** ** * ********* accepted ****-********. ******* **** *********** (** ***** ********* ****) ** backup ************* ***** *** **** ** ********** ********** ** **** information, *** ** ********* *** * *********** ********. ** * minimum, *********** ****** **** *** ****** ** ********* **** * strong ***, *** *** **** ** ********-********** *******.

Manufacturer ******** ******** ******* ***********

******** ******** '********', **** ** ***********'* ****-**** ******** ********, ******** ******** *****, ****** ***** ** ******** **** ** ******. * ***** percentage ** *********** ********** ****-********* ** ******** ********* ***** ******** to ****** **** **** **** *********, *** ********** ************ ********* on **** ***** **** ****** *** ******* *******. ************* **** provide *****/******** ** ******* **** ***** ********* ** ** ** the ******* ** *** ******* ******** ** ***** *******, *** by *********, ***** *****. ***********, ** *****, **** *** ********* about *** ***** ******** ** ***** ******* ****** ******** ************* on *** ********* ** ******** ******** *********/*******, *** **** ******* consideration ** ***** ******** **** ***** ****.

Comments (10)

Bob McCarvill

09/15/17 01:34pm

***** *** ** *** ********* ***** ** ******** ******, *********, and *** ********* *** ** *** ********** *** ******** ******* that **** *** ******* ** **** *** ** *** ******* in *** *****. **** ****** **** *** *********** **** **** implemented **** *******?

Avatar

Joshua Hendricks

Milestone Systems | In reply to Bob McCarvill | 09/17/17 09:14pm

*'* * *** *** ** ******** *** ******** ***, *** I ***** ****** *** ***** ** *** ******* ************* ** customer ********* ********* ** ** **********. **'* ***** ***** *** supports * ****** **************, *** *** *** ***** ********* ******* accounts ** ******.

******* ** * ***** ******* *********** ***, **** **** **** to **** * ******!

Avatar

Ricardo Souza

IndigoVision Ltd | IPVMU Certified | In reply to Joshua Hendricks | 09/18/17 01:38pm

* ******* ***** ******** ***** **'* ********* *** ***** ** KeePass ***** *** ***** **** *** **** **** ***** **** since.

******** *** **** ****** ******** ***** ** ******** ******** ******** already =(

Undisclosed Integrator #1

09/15/17 07:18pm

**

**** ** *** ******* *** * ******** *** **** ****** database **** **, ***** *** ******** **** *******...*** ********* **** we *** ***** ******, **** **********, *** *** **** ********* security ***** ****** *** ********

Undisclosed Manufacturer #2

09/16/17 08:10pm

* *** * ******** ********* "*******" *********, ****** ** *******.

*** ******* *****'* *** **** **** ***** *** ****** *** database ******** **** ***** *******, ***** *.*. "***************". * ***** there *** **** *** *** ***. *** ******* ** *** supported ****.

** ***** *** ** ☺️

Deepak C Shankar

eSecProfession | 09/18/17 03:45am

****** ********* ******** *** ***** * ********* ******, *** ***** forget ******** ****** **** **** /**** **** ********,****** * **** (example: **-******-********************************-************.*** ) *** **** **** ** ***** ********* ******* team, **** **** ****** *** **** ***** **** (*******:**********.***). ****** this *** ***** *** *******. ** ******** *****.

Avatar

Ricardo Souza

IndigoVision Ltd | IPVMU Certified | 09/18/17 01:37pm

* ***** ********* *** ** ***** *** **** **********/********** ******** Management *********, **** *** *** **** *** ** ****** *******, etc...

********:

  • ****
  • *******
  • ********
  • ******

Undisclosed Manufacturer #3

09/18/17 03:36pm

*** ***** ** *** ****** ** *** ********, *****?

********. *** *** ******* ***** **** ****** ** *** **** physical ****** ** *** *******.

********. *** *** ******* ******** ******** ** *** **** "*************" type ****** ** *** **. *******: ****://*************.*****.***/*****-*******-********-********-******-*****.****

**, *** ** *** ******** *********** ****** "****** ********" ( I ****** ***** *** **** ******** *** ***** ********) ** save ********* ** ****** **** *****?

*** *** ****, **** ******** **** *** ***** ** ******* admin ******** ****** ** ***** ********?

*'* *** ** *** ************:-) ** ***** ** ******* ***** password **(*** **** **) *** **** ***** ****** ** *** machine **. ***, ** *** **** **, *** *********** *** do ******** ******... *** ** ***** ** *****?

Undisclosed Manufacturer #2

In reply to Undisclosed Manufacturer #3 | 09/18/17 03:48pm

* ***** **** ***. ** *** **** **** ****** ** the *******, *** *** ** **********.

*** ** **** ***** (*.*. ******** ***** ***** ***/***), *** have ** ****** ** *** ****** ***** (***** **** *** manufacturer ******* ***** **-********), ** **** **** *** **** ****** accounts ** * **** ******** ******* ** ******* **** ********* on *** *****.

Undisclosed Manufacturer #3

In reply to Undisclosed Manufacturer #2 | 09/18/17 03:53pm

* ***** ********** ** ***** ******* *** ****** *** ***/***.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Private School IT Manager Surveillance Interview on Feb 22, 2019
This IT manager describes himself as the "oft-maligned IT person" whose "opinions may not always be appreciated by the integrator crowd." But he is...
HID Favorability Results 2019 on Feb 21, 2019
HID favorability results were strong, in the 2019 IPVM integrator study of 200+ integrators, with a net +62% and low negativity as the table below...
Ubiquiti Favorability Results 2019 on Feb 18, 2019
Ubiquiti has quietly grown into a $1+ billion annual revenue company, with offerings across wireless, wireline network and video surveillance (see...
Uniview / UNV Favorability Results 2019 on Feb 12, 2019
Uniview / UNV, the self-proclaimed #3 China manufacturer, while starting late, has been working to make inroads internationally. In IPVM's 2019...
Barnes Buchanan 2019: Despite 'Strange Narrative' Great Time To Be In Security on Feb 11, 2019
A "strange narrative" is being spun, said Michael Barnes at the 2019 Barnes Buchanan Conference. However, despite that narrative, it is a "great...
FLIR Favorability Results 2019 on Feb 08, 2019
FLIR has had a challenging past few years including FLIR Security business struggling, FLIR restructuring their security division and FLIR selling...
Sony Favorability Results 2019 on Feb 06, 2019
Sony Favorability amongst integrators improved moderately compared to their 2017 favorability results, with a modest net positive...
Hanwha Techwin Favorability Results 2019 on Jan 31, 2019
Hanwha Techwin's favorability results surged, in IPVM's 2019 study, going from barely neutral in 2016 to strongly net positive, as the results...
Vivotek Favorability Report 2019 on Jan 29, 2019
Taiwanese video surveillance manufacturers, even relatively large ones like Vivotek, have lost ground in the PRC-China-driven race to the bottom....
Verkada Cloud VMS/Cameras Tested on Jan 28, 2019
Verkada is arguably the most ambitious video surveillance startup in many years. The company is developing their own cameras, their own VMS, their...

Most Recent Industry Reports

Outdoor Camera Mounting Hardware Guide on Feb 21, 2019
Mounting cameras outdoors can be challenging, requiring understanding different types of equipment and methods. In this guide, we teach this...
HID Favorability Results 2019 on Feb 21, 2019
HID favorability results were strong, in the 2019 IPVM integrator study of 200+ integrators, with a net +62% and low negativity as the table below...
First US State, Vermont, Bans Dahua and Hikvision on Feb 21, 2019
The first US state, Vermont, has issued a ban on a number of Chinese and Russian manufacturers including the world's 2 largest video surveillance...
ADI 'SAVE BIG' On FLIR And Hikvision Examined on Feb 20, 2019
One is a major US defense supplier. The other is owned by the Chinese government. But you can "SAVE BIG" on both at ADI. In this note, we...
BluB0x Company Profile on Feb 20, 2019
BluB0x has doubled in revenue every year since its founding in 2013, according to CEO Patrick Barry. We originally reported on them in 2015. At the...
Security Installation Tools Guide - 22 Tools Listed on Feb 19, 2019
In this guide, we cover 22 tools that security installers frequently use. This is one part of our upcoming Video Surveillance...
Sales Cuts At Rasilient on Feb 19, 2019
Over the past 2 years, video surveillance storage specialist Rasilient has expanded its workforce significantly, aiming to build its own branded...
Exacq Raises VMS Software Pricing Twice in Less Than a Year on Feb 18, 2019
Most VMSes regularly release new features, but rarely increase their prices. For the 3rd time in 4 years, and 2nd time in 8 months, since being...
Axis IR Multi Imager Camera Tested (P3717-PLE) on Feb 18, 2019
Axis has released their first IR multi imager, the P3717-PLE, a repositionable model listing 360° IR illumination and flexible positioning,...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact