NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Lost Password During Restore
I have an R6300v2 and I backed it up so that I could factory restore for troubleshooting. Having logged in after the factory restore, I set the new password and it overwrote the password in Edge. The...
Never mind. I found the old password was still saved in another browser.
Never mind. I found the old password was still saved in another browser.
Be sure to save off a back up configuration to file for safe keeping. Saves time if a reset is needed.
Yes, as I mentioned, I do have the backup. My issue is resolved by chance. But for others searching:
After restoring from a backup configuration, your password will be set to whatever it was when the backup was taken. This is not ideal, since the user is prompted to set a password after a factory restore, a common troubleshooting step. In that process, in newer versions of MS Edge, the new password could be automatically saved by the browser without notice, therefore destroying the viability of the backup. That's because the backup contains the original password, which MS Edge will overwrite automatically.
Simply put, config files should be plain text. This appears to be an oversight, or some misguided attempt at "security."
And you might save off a new backup config that should now have the corrected or new admin password.
Can you elaborate on your suggestion? I must be missing something.
How will making a new backup prevent Edge from saving the new password that you are forced to set when you factory restore?
00sivan wrote:
.... the user is prompted to set a password after a factory restore, a common troubleshooting step.
Does the router prevent you from settiong the "new" password to the one you had before the reset?
I have done that many times.
Of course, it does mean that I have to remember the pre-reset password.
00sivan wrote:
Simply put, config files should be plain text. This appears to be an oversight, or some misguided attempt at "security."
Do that and you don't have a secure password.
That's why everyone on the planet shouts out for encrypted passwords.
A good way around this is to user a password saver. I have used RoboForm for years and hate it. I would love to have a better option that lets me transfer my data from RoboForm.
In that process, in newer versions of MS Edge, the new password could be automatically saved by the browser without notice, therefore destroying the viability of the backup.You can disable password saving in Edge.
"Does the router prevent you from settiong the "new" password to the one you had before the reset?"It doesn't, but the new password form doesn't vibe with the way Edge recognizes password fields, so the user is not offered to use the existing password. Essentially, the existing UX is herding users towards disaster.
"Do that and you don't have a secure password."
That's simply not true. Operating system ACLs work fine. If you are even more worried, file encryption is also available.
"That's why everyone on the planet shouts out for encrypted passwords."
If we're talking about passwords stored in a database, I might agree with you. In a database, you should have them encrypted. That's because encrypting the entire database is highly resource intensive, compared with encrypting the entire file system. But we're now on a very tangential topic. The point is that there is no benefit to encrypting a config file that's already in an encrypted disk on an encrypted operating system. The option should be in the administrator's hands, and if the encryption is required for security, like everyone is supposedly shouting, then the choice should not be taken away from the administrator, instead the UX should ask for an encryption key when exporting the config file. Best of both sides of the security debate.
"A good way around this is to use a password saver."
Indeed, we are talking about the most ubiquitous password manager that ships with the most ubiquitous desktop operating system; Microsoft Edge. It's just this most ubiquitous password manager doesn't appear to work very well for Netgear's config file backup mechanism. I would hope Netgear pursues compatibility with most systems.
"You can disable password saving in Edge."
Agreed. That's what I recommended. What isn't clear is how the suggestion of an additional backup would help in any way. I believe the correct solution from Netgear's perspective should be to include a warning on the Factory Restore page that suggests the user disable automatic password saving in Edge before proceeding. OR, don't encrypt my config files with an encryption key I don't have. I'll encrypt them myself. I'm the network admin. Netgear is not the network admin.
