The choice of different robust passwords to those that come by default in safety equipment, it is essential to ensure both, security and privacy systems.
As users, we manage passwords increasingly linked to mobile phones, wireless networks, email accounts, social networks and cloud services. Recently, coinciding with the International Day of password makes the newspaper ABC published an article; it warned of the minor that most users give their passwords. The article highlighted worrying figures: as is clear from a study by Deloitte, 90% of passwords are so simple as to be hacked in seconds, according to the Eurobarometer of cybersecurity by the European Commission and published in February 2015, 9% of Spanish suffered hacking their account. But the problem is even worse, as 62% of Spanish ensures not be knowledgeable to the risks of cyber incidents, so they are unaware of the importance of having a strong password.
If it is important to take cautions in handling key as an individual, it is particularly critical when the keys are used by professionals to protect access to electronic safety devices, and even more when the computers are connected to the Internet.
A common mistake is the use of default keys with which teams are factory. If we are not careful to change the password, it will be extremely easy for an intruder to access the system basics with the default password and revoke security systems. Worse, if the device is connected to the Internet, you run the risk of falling victim to an attack, as the algorithms used by hackers are able to determine what type of device it is, and try to access it with the keys default of the different manufacturers. Use the default key safety equipment compromises not only the security of the system itself, but also, in the case of CCTV equipment, the privacy of users.
In alarm systems, failure is reported as usual using the default key, forcing, thus, the installer to change the key. In CCTV systems, however, it is not so common, so the security of the system depends not only on the characteristics of the team, but the criterion installer when changing the password.
Hikvision has recently changed its security policy regarding the use of passwords on computers so that when using the machine for the first time the installer must set a different password to the default one. In addition, the team itself verifies the robustness of the password, forcing use between 8 and 16 characters, and combines the use of letters with numbers or symbols. As additional security measures, also in the case of entering the wrong password several times in succession, the teams are locked for 30 minutes. In the technical note we describe in more detail the changes in Hikvision equipment.
In general, regardless of political manufacturers recommend never leaving the key that comes standard, and take the following cautions to ensure that the key is sufficiently robust:
- The password should be different from the default one factory.
- It must combine uppercase and lowercase letters, numbers, and, as far as possible, symbols.
- You must have a minimum length of 8 characters. The longer, more will be safe.
The most common mistakes to avoid when setting a password are:
- The use of common words should be avoided, because the software used by the hackers used dictionaries of common words to try and access equipment. Some of the most frequently hacked passwords are, for example, password, iloveyou, welcome, ninja, letmein, master, or monkey.
- The use of data related to the installation or the user, easily deductible (such as a birthday, company name or address) should be avoided.
- Avoid repeating the password the user name or a key derived therefrom.
- Sequences of letters, numbers, or adjacent letters on the keyboard should be avoided.
Following these simple tips, the devices will be more protected against possible attacks, thereby raising the safety of installations.