Ask Leo! by Leo A. Notenboom

Change Your Password - No, not that one...

You probably need to change a password, but not the one you think.

Transcript

This is Leo Notenboom for askleo.info.

News reports surfaced this week telling of a newly discovered vulnerability. Well, it's certainly not a new vulnerability, and whether or not it's really been "newly discovered" is arguable too. But it's definitely making the news.

As well it should.

So, let me ask you this: what's the password to your router? The password that you use to gain access to the router settings.

If you don't know, or you've never changed it, you're probably at risk.

Here's how the vulnerability works:

A virus, some spyware, or even some JavaScript from a malicious web site can try to connect, over your LAN, to the administration interface of your router. If you haven't changed that password, this malware can simply use the default password to log in. Once that happens, all bets are off. One scenario is that the router might be silently reconfigured to take you, without warning, to some phishing site when you think you're going to a legitimate site like eBay, Paypal or your bank.

Scary, right?

So how many of you LinkSys owners have a password of "admin" on your router? That's the default password, and if that's the password to your router, you're at risk. If you have a different brand of router, the default is probably something else, but given the overwhelming popularity of brands such as LinkSys, Cisco, NetGear, DLink, and a handful of others, it's pretty easy for malware to just try them all until something works.

So, if you make only one security change today, change the password on your router. Remember to keep it in a safe place, of course, so you'll have it when you need it later.

Oh, and if you do forget the password later, almost all routers have a master reset sequence that will restore the router to its initial configuration, including that default password. Master reset is not something you can do remotely; it typically involves actually pushing a button on the router. You'll lose any configuration changes you've made, but at least you'll be able to get back in.

Routers are an incredibly important part of making sure your local network and the computers on it are safe from external threats. This vulnerability masquerades as an internal user on your LAN, so making sure that your router is configured securely with its own unique password is extra important.

And yep ... until this morning my router's password was "admin".

Not any more.

I'd love to hear what you think. Visit askleo.info and enter 11177 in the go to article number box and leave me a comment. While you're there, search over 1,000 technical questions and answers on the site.

Till next time, I'm Leo Notenboom, for askleo.info.
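As an added example (not part of the original podcast or the Ask Leo! site), here is one way to spot the "try them all until something works" behavior described above from the router's side: flag any LAN client that fails several admin logins in a short burst, and escalate if a login then succeeds. The log format, the sample lines and the function name `find_guessing` are constructed for illustration; real routers log differently, if at all.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical router log format (not from a real device).
SAMPLE_LOG = """\
2007-02-18T09:14:01 httpd: admin login FAILED user=admin src=192.168.1.101
2007-02-18T09:14:02 httpd: admin login FAILED user=root src=192.168.1.101
2007-02-18T09:14:02 httpd: admin login FAILED user=Admin src=192.168.1.101
2007-02-18T09:14:03 httpd: admin login OK user=admin src=192.168.1.101
2007-02-18T10:30:00 httpd: admin login FAILED user=admin src=192.168.1.50
2007-02-18T10:31:10 httpd: admin login OK user=admin src=192.168.1.50
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) httpd: admin login (?P<result>FAILED|OK) "
    r"user=(?P<user>\S*) src=(?P<src>\S+)$"
)

def find_guessing(log_text, max_failures=3, window=timedelta(seconds=30)):
    """Map each LAN client that fails max_failures admin logins within
    `window` to 'guessing', or 'guessing-then-success' if a login then works."""
    failures = defaultdict(list)   # src -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # not an admin-login event
        src = m["src"]
        try:
            if not ipaddress.ip_address(src).is_private:
                continue           # this check covers LAN-side clients only
        except ValueError:
            continue               # malformed address field
        ts = datetime.fromisoformat(m["ts"])
        # Keep only the failures that are still inside the sliding window.
        failures[src] = [t for t in failures[src] if ts - t <= window]
        if m["result"] == "FAILED":
            failures[src].append(ts)
            if len(failures[src]) >= max_failures:
                alerts.setdefault(src, "guessing")
        elif src in alerts and failures[src]:
            # Success right after a burst of failures: a guess worked.
            alerts[src] = "guessing-then-success"
    return alerts
```

On the sample data, the single mistyped password from 192.168.1.50 is ignored, while 192.168.1.101 is reported because its burst of failures ends in a successful login.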

Article C2937 - February 18, 2007

Recent Comments
19 Comments

It varies some, but after I've logged into my LinkSys, across the top
there's a tab labeled "Password" right in between "Setup" and "Status".

Leo
Posted by: Leo Notenboom at March 6, 2007 8:47 AM

I have a dlink and I'm not sure what the password is or how I change it. Please help!!!

Posted by: Joe at March 7, 2007 10:32 AM

That should be documented in the manual that came with your router. If
you don't have that, then I'd look for support information or
documentation on the dlink site: http://www.dlink.com/

Leo
Posted by: Leo Notenboom at March 7, 2007 3:41 PM

I initially changed the admin password of my d-link router but I forgot it. Is there a way I can recover the password?

Posted by: Hilary at May 29, 2007 11:08 AM

OK, I changed my Linksys password and I forgot it. How do I reset it?

Posted by: Wilson at July 13, 2007 8:20 PM

admin is the username and password is the default password on my LinkSys Router. I have changed the password but not the username. How do I do that?

Posted by: Louis at March 14, 2008 10:40 PM

Haha, I have a Mac and a Mac AirPort Extreme with a very long password and username.

Posted by: Jordan at March 19, 2008 7:41 PM

I, like Louis [March 14th 2008], have changed my password but cannot change the username from "admin". How can this be done, if at all?
Regards, Gazza. [11177]

Posted by: Gary Anderson at April 13, 2009 3:43 PM

Hi Leo,
My new linksys router has the default set up 198.182.1.1 to connect to it. It also uses this same address for IP and gateway. So besides the "admin" password, which I changed to another one, it will be possible that anyone can get to these routers. I have changed my logon (default is blank) and my password (default is admin). I do not know if I can change the 198.182.1.1 address without getting into other problems with the firmware in the router. It is bad enough that this router sometimes has to be restarted because it drops the connection. What are your views on it?

I'm not sure why you would want to change the local IP addresses used from 192.168.x.x - those are visible only on the local side of the router.
- Leo
07-May-2009

Posted by: Paul Mierop at May 5, 2009 11:09 AM

Hi,
Whenever I open my internet browser it asks for username and password on the tp-link page every time; my router is tp-link. How can I set it for only one time?

Posted by: hyperbola at October 12, 2009 9:14 PM
