Change Default Login Passwords

To secure access to the device's Web management interface, please adhere to the following recommended guidelines:

The device is shipped with a default Security Administrator access-level user account with username Admin and password Admin. This user has full read-write access privileges to the device. Change this default password to a strong, hard-to-guess string. You can change the username and password in the Local Users table (Setup menu > Administration tab > WEB & CLI folder > Local Users):

Changing Default Password of Security Administrator User

Enforce password complexity by enabling the [EnforcePasswordComplexity] parameter. Instead of using the device's default complexity policy, you can configure a customized policy based on a regular expression (regex), using the [PasswordComplexityCheckByRegex] parameter. If you enable password complexity, you can also configure the minimum length (number of characters) of the password, using the [MinWebPasswordLen] parameter.
The device is shipped with a default Monitor access-level user account with username User and password User. This user has only read access privileges to the device, and that read access is limited to certain Web pages. However, this user can still view certain SIP settings, such as proxy server addresses. Therefore, to prevent an attacker from obtaining sensitive SIP settings that could result in possible call theft etc., either delete this user account or change its default login password to a strong, hard-to-guess string. This is done in the Local Users table:

Changing Password of Monitor User Level

If you have deployed multiple devices, use a unique password for each device.
Change the login password periodically (e.g., once a month).
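
The following added example (not vendor code) pre-checks planned Web login credentials against the guidelines above before they are entered in the Local Users table: no factory defaults, a minimum length, a regex-based complexity rule, and a unique password per device. The regex, the minimum length of 12 and the device names are assumptions chosen for illustration; the device's own regex dialect may differ from Python's, so test the pattern on the device before relying on it.

```python
import re
from collections import Counter

# Factory-default accounts named on this page (username, password).
DEFAULT_ACCOUNTS = {("Admin", "Admin"), ("User", "User")}

# Assumed policy values, not device defaults: at least one lowercase letter,
# one uppercase letter, one digit and one non-alphanumeric character.
POLICY_REGEX = r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9]).+$"
MIN_LEN = 12


def check_password(username, password, regex=POLICY_REGEX, min_len=MIN_LEN):
    """Return the list of policy problems for one planned credential."""
    problems = []
    if (username, password) in DEFAULT_ACCOUNTS:
        problems.append("factory default credentials")
    if password.lower() == username.lower():
        problems.append("password equals username")
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if not re.fullmatch(regex, password):
        problems.append("fails complexity regex")
    return problems


def audit_fleet(planned):
    """planned: {device: (username, password)} -> {device: [problems]}."""
    reuse = Counter(pw for _, pw in planned.values())
    report = {}
    for device, (user, pw) in planned.items():
        problems = check_password(user, pw)
        if reuse[pw] > 1:
            problems.append("password reused on another device")
        if problems:
            report[device] = problems
    return report


# Constructed sample input: planned credentials for three hypothetical devices.
SAMPLE = {
    "sbc-01": ("Admin", "Admin"),
    "sbc-02": ("voipadmin", "Tr4verse!Copper-Lantern"),
    "sbc-03": ("monitor", "Summer2024"),
}

if __name__ == "__main__":
    for device, problems in audit_fleet(SAMPLE).items():
        print(device, "->", "; ".join(problems))
```
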