Are you still using the Default Admin password on every copier you install?

Re: Are you still using the Default Admin password on every copier you install?

The company I worked for provided a company email for each employee. He also required that we all use the same password. Since everyone had to remember that password, we also used it as the admin password for every machine we unboxed unless the customer or their IT provided one in writing in advanced.

Also at one time before we had our own webpage there was one Ricoh tech that always used the Model number as the password such as DSc328.

Re: Are you still using the Default Admin password on every copier you install?

... a modern security audit would flag using the password DSC328 on 2+ machines as a security weakness.

Re: Are you still using the Default Admin password on every copier you install?


... so how did you store and retrieve 100s of unique passwords?

I am aware of the California law requiring all IOT (Internet of Things) devices to be programmed upon first install away from the default password. I am not aware that this law was enacted anywhere else.

Re: Are you still using the Default Admin password on every copier you install?



Use the serial number.

Re: Are you still using the Default Admin password on every copier you install?

Unless you have other compensating controls in place. We just placed several MFP's with a regulated customer, all of them have the same admin credentials but the web interface is only available from a single administrative system that is accessible via AD by specific staff, anyone else who tries to log in is blocked by Group policy.

Yes, you could use the credentials from the machine's op panel, but at that point you're not getting very far since the machines can only talk to two internal servers, and those are configured using Windows authentication which isn't directly accessible from either the web interface or the machine itself.

It all depends on how granular you want to get, and even in smaller environments we may set up different admin accounts for different functions.

Overall, we definitely do NOT use the default passwords on any MFP. We will set one just for our staff for customer machines so that there is a fallback if they forget their password, but only two of our staff have access to those, and if it gets used for a specific machine, we will change it on the next service visit.

Re: Are you still using the Default Admin password on every copier you install?

Nope. Most of techs would turn off any password they can as too much grief. There's no advanced law enforcements here but I like to be proactive. They will come soon or later.

Re: Are you still using the Default Admin password on every copier you install?

I like this idea. Use the last four-six digits of the copier's serial #. It is always on the copier somewhere but there is no way a hacker could know it unless they are physically near the copier.

Re: Are you still using the Default Admin password on every copier you install?


On Ricoh for example you can view the serial number BEFORE logging in!

Not sure about other manufacturers.

Re: Are you still using the Default Admin password on every copier you install?

Full credit goes to KYO for the serial number idea. It was in the attachment that he posted.

Re: Are you still using the Default Admin password on every copier you install?

If that were the case then every Windows 10 computer sold in California is in violation.

Re: Are you still using the Default Admin password on every copier you install?

This entire discussion is moot at least for Ricoh. With as many people that have openly posted certain proprietary information here, any hacker in the world would have ne problem resetting the passwords to default.

Re: Are you still using the Default Admin password on every copier you install?

Not on a Toshiba but excellent point! This assumes that a hacker knows the IP address of the copier.