IMHO no password is best method until a password is set (like it was with telnet and now with new paswordless SSH). A default password is just false sense of security, there is none! Otherwise "encouraging" to set one and how can be discussed...
Olmari On Thu, Sep 10, 2015 at 3:14 AM, Ben Franske <[email protected]> wrote: > I'm copying this to the list because it was sent directly to me... There > are definitely many ways of "encouraging" people to change the password > which could be explored, another example is the WAN interface could be > disabled until the password is set. A few more thoughts on something like > that or the WiFi disable proposed below though: > > -Don't just have a feature like WiFi die without an error message > indicating the password must be changed, again bad user experience (and > lots of support requests) > -Make sure that the error is clear BOTH in LuCI and the CLI and provide > instructions for changing the password (e.g. just sending an error to the > console is not sufficient) LuCI already can detect the null password > condition as it prompts the user with a banner to set a password, this > could be adapted to check for a default password and the warn the user that > some features are disabled until the password is changed > > -Ben > > On 9/9/2015 6:05 PM, Derek & Vicky wrote: > >> I agree no password is problematic, so is a default password that never >> gets changed. So what if the wifi startup script checks the md5sum of the >> /etc/shadow file against the sum it created at startup Or predefined >> value. This way it won't enable the wifi unless the sum changes. >> >> Derek >> > _______________________________________________ > openwrt-devel mailing list > [email protected] > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel >
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
