1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

[Solved] Why should I bother changing my broadband router's default password?

Discussion in 'Networking & Security' started by qubit, Jan 29, 2014.

  1. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,822 (3.96/day)
    Thanks Received:
    3,481
    Location:
    Quantum well (UK)
    Ok, this isn't quite the numpty question that it first appears and here's my reasoning:

    Firstly, there's no threat at all from inside my network from malicious household members, naughty kids etc. So no one's gonna log into it and screw it up. What about an infected PC? Well, I don't remember ever getting a malware infection in the 15+ years I've had PCs since I take all the usual precautions, so this is a very unlikely problem.

    Secondly, the external web interface is switched off so no one can attempt to try and log in to it.

    Thirdly I have the SPI firewall switched on.

    I leave it like this, because I find it very convenient to leave the default password as it is since it prevents me having to do a potential router factory reset should I forget it and can't find it written down somewhere.

    So, if you think I have a gaping security hole here, I'd like to hear about it. :)

    EDIT: I have Wi-Fi turned off on my router too. It's ethernet only for me. ;)
     
    Last edited: Jan 30, 2014
  2. brandonwh64

    brandonwh64 Addicted to Bacon and StarCrunches!!!

    Joined:
    Sep 6, 2009
    Messages:
    18,589 (10.09/day)
    Thanks Received:
    6,092
    Location:
    Chatsworth, GA
    They are ways around it but really pointless to try. I usually set them to something other than the default though.
     
    Crunching for Team TPU
  3. micropage7

    micropage7

    Joined:
    Mar 26, 2010
    Messages:
    5,817 (3.54/day)
    Thanks Received:
    1,345
    Location:
    Jakarta, Indonesia
    its up to your situation
    if theres no threat its ok to leave it default
     
  4. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,569 (6.25/day)
    Thanks Received:
    3,505
    Location:
    IA, USA
    If you want to have unprotected sex, you're responsible for the consequences.
    [​IMG]
     
    Crunching for Team TPU
  5. FX-GMC

    FX-GMC

    Joined:
    Aug 26, 2013
    Messages:
    845 (2.15/day)
    Thanks Received:
    322
    Location:
    Cumberland Plateau
    Those viruses can be slightly more permanent tho.....
     
  6. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,822 (3.96/day)
    Thanks Received:
    3,481
    Location:
    Quantum well (UK)
    You'll have to do better than that.

    Given my scenario, I'd be grateful if you could explain exactly why it's such a risk.
     
  7. erocker

    erocker Super Moderator Staff Member

    Joined:
    Jul 19, 2006
    Messages:
    39,678 (13.28/day)
    Thanks Received:
    14,074
    Even a simple password that anyone can remember is probably better than using the default password. It's really not a hard choice to make.
     
    FordGT90Concept says thanks.
  8. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,822 (3.96/day)
    Thanks Received:
    3,481
    Location:
    Quantum well (UK)
    Oh I know and everywhere else I do just that. It's just so convenient to leave it like this for my routers.

    Also, it's just that I've been doing this for years with my routers and have never had a problem so I'm curious to know if I've missed something. From the answers I'm getting here, it looks like I'm doing ok.

    In any security related advice one reads you always see them say to change the password and I agree with that in general. It's just that in my scenario, it would seem that I can get away without doing this.
     
  9. jihadjoe

    jihadjoe

    Joined:
    Oct 26, 2011
    Messages:
    385 (0.36/day)
    Thanks Received:
    97
    The answer really is why not?
    It takes minimal effort to set a new password, and in the off chance that you do contact malware that makes use of a table of default router passwords you'll be safer for having changed it.
     
    qubit says thanks.
  10. Sasqui

    Sasqui

    Joined:
    Dec 6, 2005
    Messages:
    7,652 (2.38/day)
    Thanks Received:
    1,402
    Location:
    Manchester, NH
    Mussels will use one of his Cantennas and take over your network, then your world. Be warned.
     
    qubit says thanks.
  11. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (4.98/day)
    Thanks Received:
    5,616
    Location:
    Cheeseland (Wisconsin, USA)
    It's true that there is but a slim chance your router may be compromised, but if you can make that chance even slimmer through a simple password change it would seem prudent to do so, no?
     
    qubit and FordGT90Concept say thanks.
  12. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,569 (6.25/day)
    Thanks Received:
    3,505
    Location:
    IA, USA
    Sure, but for how long? I could envision someone compromising one of your computers through a software exploit then using that terminal to access the router to forward ports, start a service to listen on that port (e.g. RDC), and then they have a backdoor to do whatever they want with your computer, whenever they want. That includes highly illegal things like distributing illegal content (e.g. child porn).

    Point is: it's easy to establish reasonable security. There's absolutely no reason not to except general laziness and that is never a valid excuse.
     
    Last edited: Jan 29, 2014
    95Viper and qubit say thanks.
    Crunching for Team TPU
  13. Divide Overflow

    Divide Overflow

    Joined:
    Apr 15, 2009
    Messages:
    196 (0.10/day)
    Thanks Received:
    56
    It might be really inconvenient to have to lock my front door and carry a house key around with me everywhere. The area is pretty safe and the chances of someone actually attempting to get in are pretty small. But the cost of that happening? It's well worth the trivial task of securing things properly.
     
    qubit and FordGT90Concept say thanks.
  14. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,822 (3.96/day)
    Thanks Received:
    3,481
    Location:
    Quantum well (UK)
    Ok thanks people, so it looks like there really isn't much chance of getting nailed by doing this and you have answered my question.

    I agree that it's prudent to change it just in case something does find a way in and I've now done it.
     
    95Viper says thanks.
  15. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,375 (2.01/day)
    Thanks Received:
    1,582
    Location:
    στο άλφα έως ωμέγα
    I am going to say change it. Why? Depends on your own level of paranoia; and, it is simple for most who understand how to.
    And, if need be, you can always set the router back to default, with the original password, anytime you wish.

    If the router was supplied by your ISP... chances are they recorded it and you can figure that one out.
    Manufacturers probably record them; and, if that data were to leak; all someone would need to do is pull your router info and compare it to get the default passwords. (remote possibility, however, still a possibility)

    I do know of a particular (ISP) company that does record the default passwords; so, if they need to access the router they can (for maintenance,customer problems, etc.).

    Now, if you block the outside access, all fine and dandy... but, your average user does not even understand what a router actually is... much less blocking outside access or router settings.

    And, then there is what Ford stated in post #12.

    Three letters... NSA. Be paranoid... be very paranoid!:fear:
     
    qubit says thanks.
  16. redeye

    redeye

    Joined:
    Dec 24, 2010
    Messages:
    209 (0.15/day)
    Thanks Received:
    36
    Location:
    mississauga, on, Canada
    remember if you have physical access to the router it is moot point... meaning to reset it to default, you just need to hit the reset button for what 20 seconds ...boom ...Your in.

    now the The question is can you access the router set up menu from the Internet...?. dont know... have heard of exploits that change your DNS address, from the internet... (my old sagemcom modem, required the serial number to be entered in order to change the dns address... for example if i wanted to change it use unblock-us.com to get the US content from canada...)

    their is also the question of the port 30005 (or others) that allow access to the router.

    while i have changed the routers password on my router, it is a it is a trivial matter to reset it if you have access to the router...

    so really you just need to determine if you can only access the router set up from a non-routable Internet address... (192.168....) i think you can set an apple airport extreme to allow setup over the WAN (internet) but apple does warn you about the security implications...
     
  17. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,822 (3.96/day)
    Thanks Received:
    3,481
    Location:
    Quantum well (UK)
    95, redeye - yes, I have turned off web access as in my OP. Leaving the default password with web access on would indeed be a very numpty thing to do.

    But I get the point about being extra careful from eveyone's reply and have already changed it.

    My router is a TP-Link one, not the one the ISP provided me with, so their backdoors don't apply to me.
     
  18. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,806 (1.76/day)
    Thanks Received:
    603
    Why wouldn't you change your admin password?
     
  19. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,822 (3.96/day)
    Thanks Received:
    3,481
    Location:
    Quantum well (UK)
    For convenience, as I explained in my OP. However, you lot have convinced me to do it and I've already done it as I explained above. :)
     
  20. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,806 (1.76/day)
    Thanks Received:
    603
    Yey Good jorb
     
  21. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,231 (11.61/day)
    Thanks Received:
    9,529
    because bad people like me with good knowledge of wifi security can breach your network in anything from 10 minutes to 2 weeks. the people who can hack it are limited to say, within 1KM of your location - but if you have a bunch of neighbours you dont know, you cant be sure they wont try and hack you. all it takes is one $30 wifi adaptor off ebay, a spare PC, and patience. the tools are automated these days.

    me and a friend competed to see how many networks would could breach in a week (and yes, we left them alone - we just wanted to figure out what brands/settings were secure) and we managed anywhere from 1 to 5 networks a day, depending on security.

    the major ISP around here has a flaw in all their older, very common wifi G routers that allows you to crack it within 48 hours, for example - so a scan for wifi G routers with their name in the SSID, start the attack, login to router with default admin/admin, save a backup of the routers settings and open the backup. we then have their phone number and last name (name is used for login) and we can login to their web account if we wanted to and snoop for even more details.

    simply changing the routers password would mean we had internet access and possibly access to shared folders on the network, but nothing else.

    (FWIW: use WPA2-PSK and a 10+ character password that is NOT a name or word. those take weeks to months to crack, and most people would merely give up. disable WPS 'pin code' features as well, those are a major weakness)
     
    qubit says thanks.
  22. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,822 (3.96/day)
    Thanks Received:
    3,481
    Location:
    Quantum well (UK)
    Oh yes, using Wi-Fi is a definite no-no in my household - nothing worse than exposing your internal network to anyone within radio range. It's all ethernet cables for me. My bad I forgot to say in my OP that I don't use Wi-Fi. I've fixed this with an edit now.

    Great explanation you've got there anyhow. :)

    And yes, I know you're a Bad Person, Mussels. :p
     
  23. Tonduluboy

    Joined:
    Jun 19, 2012
    Messages:
    67 (0.08/day)
    Thanks Received:
    9
    Location:
    Sabah, Malaysia
    Been using wireless router for the past 6-8 yrs, replaced few. However, due to my location etc etc i never change my any default password for the same reason with OP.
    The closes neighbour is my relative which is 100m away. I saw my cousin hacking other people wireless internet in just a few mins using an illegal software n hardware bought thru internet cheaply.

    My point is, most people dont go around n sneak into your router. Even if you have a new password, if somebody who know how to crack it really wanna break into your router there is always a way.
    Anyway, if you wanna feel more secure, key in a new password is always a good move.
     
    qubit says thanks.
  24. redeye

    redeye

    Joined:
    Dec 24, 2010
    Messages:
    209 (0.15/day)
    Thanks Received:
    36
    Location:
    mississauga, on, Canada
    sometimes, those that don't have great memory, prefer to leave "unimportant" passwords as is...

    (if you forget the password to the router, it is a pain to factory reset your router, and recreate the setup... for example it is a pain in some routers to setup DHCP reservations... having to type in the mac address for each device (mythtv, 3 tuners)... thus sometimes it is easier to leave it at the default password.)

    but Mussel's explaination is a good reason to change it to something not stock(although he is explaining that you should not use the default ISP name/password for for SSID, which also applys to the setup page name/password.... if course, the strength of your password then becomes a concern. (or your could allow wifi surfing only on the guest wifi channel... it only allows internet access)
     
    Last edited: Jan 30, 2014
  25. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,375 (2.01/day)
    Thanks Received:
    1,582
    Location:
    στο άλφα έως ωμέγα
    Most routers that I have dealt with allow you to backup those settings, for those moments of need.
     

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page