Are you still using the Default Admin password on every copier you install?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • tsbservice
    Field tech

    Site Contributor
    5,000+ Posts
    • May 2007
    • 7968

    #16
    A tree is known by its fruit, a man by his deeds. A good deed is never lost, he who sows courtesy, reaps friendship, and he who plants kindness gathers love.
    Blessed are they who can laugh at themselves, for they shall never cease to be amused.

    Comment

    • slimslob
      Retired

      Site Contributor
      25,000+ Posts
      • May 2013
      • 37289

      #17
      Re: Are you still using the Default Admin password on every copier you install?

      The company I worked for provided a company email for each employee. He also required that we all use the same password. Since everyone had to remember that password, we also used it as the admin password for every machine we unboxed unless the customer or their IT provided one in writing in advanced.

      Also at one time before we had our own webpage there was one Ricoh tech that always used the Model number as the password such as DSc328.

      Comment

      • SalesServiceGuy
        Field Supervisor

        Site Contributor
        5,000+ Posts
        • Dec 2009
        • 8140

        #18
        Re: Are you still using the Default Admin password on every copier you install?

        Originally posted by slimslob
        The company I worked for provided a company email for each employee. He also required that we all use the same password. Since everyone had to remember that password, we also used it as the admin password for every machine we unboxed unless the customer or their IT provided one in writing in advanced.

        Also at one time before we had our own webpage there was one Ricoh tech that always used the Model number as the password such as DSc328.
        ... a modern security audit would flag using the password DSC328 on 2+ machines as a security weakness.

        Comment

        • SalesServiceGuy
          Field Supervisor

          Site Contributor
          5,000+ Posts
          • Dec 2009
          • 8140

          #19
          Re: Are you still using the Default Admin password on every copier you install?


          ... so how did you store and retrieve 100s of unique passwords?

          I am aware of the California law requiring all IOT (Internet of Things) devices to be programmed upon first install away from the default password. I am not aware that this law was enacted anywhere else.

          Comment

          • BillyCarpenter
            Field Supervisor

            Site Contributor
            VIP Subscriber
            10,000+ Posts
            • Aug 2020
            • 16308

            #20
            Re: Are you still using the Default Admin password on every copier you install?

            Originally posted by SalesServiceGuy
            ... so how did you store and retrieve 100s of unique passwords?

            I am aware of the California law requiring all IOT (Internet of Things) devices to be programmed upon first install away from the default password. I am not aware that this law was enacted anywhere else.


            Use the serial number.
            Adversity temporarily visits a strong man but stays with the weak for a lifetime.

            Comment

            • rthonpm
              Field Supervisor

              2,500+ Posts
              • Aug 2007
              • 2848

              #21
              Re: Are you still using the Default Admin password on every copier you install?

              Originally posted by SalesServiceGuy
              ... a modern security audit would flag using the password DSC328 on 2+ machines as a security weakness.
              Unless you have other compensating controls in place. We just placed several MFP's with a regulated customer, all of them have the same admin credentials but the web interface is only available from a single administrative system that is accessible via AD by specific staff, anyone else who tries to log in is blocked by Group policy.

              Yes, you could use the credentials from the machine's op panel, but at that point you're not getting very far since the machines can only talk to two internal servers, and those are configured using Windows authentication which isn't directly accessible from either the web interface or the machine itself.

              It all depends on how granular you want to get, and even in smaller environments we may set up different admin accounts for different functions.

              Overall, we definitely do NOT use the default passwords on any MFP. We will set one just for our staff for customer machines so that there is a fallback if they forget their password, but only two of our staff have access to those, and if it gets used for a specific machine, we will change it on the next service visit.

              Comment

              • tsbservice
                Field tech

                Site Contributor
                5,000+ Posts
                • May 2007
                • 7968

                #22
                Re: Are you still using the Default Admin password on every copier you install?

                Originally posted by SalesServiceGuy
                ... so how did you store and retrieve 100s of unique passwords?

                I am aware of the California law requiring all IOT (Internet of Things) devices to be programmed upon first install away from the default password. I am not aware that this law was enacted anywhere else.
                Nope. Most of techs would turn off any password they can as too much grief. There's no advanced law enforcements here but I like to be proactive. They will come soon or later.
                A tree is known by its fruit, a man by his deeds. A good deed is never lost, he who sows courtesy, reaps friendship, and he who plants kindness gathers love.
                Blessed are they who can laugh at themselves, for they shall never cease to be amused.

                Comment

                • SalesServiceGuy
                  Field Supervisor

                  Site Contributor
                  5,000+ Posts
                  • Dec 2009
                  • 8140

                  #23
                  Re: Are you still using the Default Admin password on every copier you install?

                  Originally posted by BillyCarpenter
                  Use the serial number.
                  I like this idea. Use the last four-six digits of the copier's serial #. It is always on the copier somewhere but there is no way a hacker could know it unless they are physically near the copier.

                  Comment

                  • copier tech
                    Field Supervisor

                    5,000+ Posts
                    • Jan 2014
                    • 8131

                    #24
                    Re: Are you still using the Default Admin password on every copier you install?

                    Originally posted by SalesServiceGuy
                    I like this idea. Use the last four-six digits of the copier's serial #. It is always on the copier somewhere but there is no way a hacker could know it unless they are physically near the copier.

                    On Ricoh for example you can view the serial number BEFORE logging in!

                    Not sure about other manufacturers.
                    Let us eat, drink, and be merry, because tomorrow we may die!

                    For all your firmware & service manual needs please visit us at:

                    www.copierfirmware.co.uk - www.printerfirmware.co.uk

                    Comment

                    • BillyCarpenter
                      Field Supervisor

                      Site Contributor
                      VIP Subscriber
                      10,000+ Posts
                      • Aug 2020
                      • 16308

                      #25
                      Re: Are you still using the Default Admin password on every copier you install?

                      Full credit goes to KYO for the serial number idea. It was in the attachment that he posted.
                      Adversity temporarily visits a strong man but stays with the weak for a lifetime.

                      Comment

                      • slimslob
                        Retired

                        Site Contributor
                        25,000+ Posts
                        • May 2013
                        • 37289

                        #26
                        Re: Are you still using the Default Admin password on every copier you install?

                        Originally posted by KYO_OEM
                        @Billy,

                        KDC is not sleeping.
                        California IoT Security Act SB 327 Enclosed new security rule for next generation of Iris (TaskAlfa 2554ci, etc..)If "older" systems get this "modification", i don`t know at the moment.
                        [ATTACH=CONFIG]48899[/ATTACH]
                        If that were the case then every Windows 10 computer sold in California is in violation.

                        Comment

                        • slimslob
                          Retired

                          Site Contributor
                          25,000+ Posts
                          • May 2013
                          • 37289

                          #27
                          Re: Are you still using the Default Admin password on every copier you install?

                          This entire discussion is moot at least for Ricoh. With as many people that have openly posted certain proprietary information here, any hacker in the world would have ne problem resetting the passwords to default.

                          Comment

                          • SalesServiceGuy
                            Field Supervisor

                            Site Contributor
                            5,000+ Posts
                            • Dec 2009
                            • 8140

                            #28
                            Re: Are you still using the Default Admin password on every copier you install?

                            Originally posted by copier tech
                            On Ricoh for example you can view the serial number BEFORE logging in!

                            Not sure about other manufacturers.
                            Not on a Toshiba but excellent point! This assumes that a hacker knows the IP address of the copier.

                            Comment

                            Working...