Best Practices of Password Handling for Video Storage Devices

Garrett Savage

On December 2nd In IP Solutions, IP Surveillance Video, IP Tech Tips
Tags: , , , , , , , , , , ,

Computer Safety

When it comes to IP security for recording devices that are used for video storage, the management of user passwords is vital to the continued operation and safety of the system.  Should the passwords to a device be lost or changed, whether maliciously or by accident, it could mean a catastrophic loss of video surveillance data. If the video-laden hard drive is removed and plugged into a different device or PC, often the hard drive will be automatically reformatted, losing all recorded video in the process. In most cases, the only way to retrieve the recorded video is to return the “locked out” device to the manufacturer.

Here are some best practices when handling and distributing usernames and passwords for video storage devices to end-users:

1.  Don’t give the end-user the “Admin” or “root” level password – This is the cause of most problems such as the one described above.  Only the installing/servicing company should retain the top level username and password.  Most devices allow permissions to be granted that allow users to perform any function including the issuing and deleting of user passwords. That user, however, will not have the ability to alter the “Admin” top level password.  In the event that anything should happen that results in passwords being lost or erroneously changed, the installing company can access the top level password and fix the problem.  This rule should be applied to all IP physical security devices that provide multiple user/password combinations.

2.  Do use strong passwords – Always use passwords that are a minimum of eight characters long, using lowercase and capital letters, as well as numbers and special characters such as $,%,^, and #.  This will help prevent external or internal hackers from guessing simple passwords such as the company name or address.

3.  Do use unique passwords for each individual client device – Many companies commonly use the same password for every DVR or device from a specific manufacturer.  This makes for a dangerous practice since once someone with malicious intent acquires this universal password, they gain access to every device that is accessible by using that password. This is very important for any devices that provide live or recorded video over the Internet, as the password can also be used to access such devices remotely. To avoid this problem, you should ensure every client device has a unique password that is not duplicated on any other IP device installed by a particular electronic security contractor.

Surveillance Footer for Blog