× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
× Introducing the new Orbi 770 Series Mesh System. To learn more click here.
Orbi WiFi 7 RBE973
Reply

Re: Lost Password During Restore

00sivan
Aspirant

Lost Password During Restore

I have an R6300v2 and I backed it up so that I could factory restore for troubleshooting. Having logged in after the factory restore, I set the new password and it overwrote the password in Edge. Then restored the config. The restore works, but it appears to also restore the old admin password, which I obviously no longer have. How can I read the config file to get the password, or how can I reset the password without losing my settings?

Message 1 of 10

Accepted Solutions
00sivan
Aspirant

Re: Lost Password During Restore

Never mind. I found the old password was still saved in another browser.

View solution in original post

Message 2 of 10

All Replies
00sivan
Aspirant

Re: Lost Password During Restore

Never mind. I found the old password was still saved in another browser.

Message 2 of 10
FURRYe38
Guru

Re: Lost Password During Restore

Be sure to save off a back up configuration to file for safe keeping. Saves time if a reset is needed.

https://kb.netgear.com/24231/How-do-I-back-up-the-router-configuration-settings-on-my-Nighthawk-rout...

Message 3 of 10
00sivan
Aspirant

Re: Lost Password During Restore

Yes, as I mentioned, I do have the backup. My issue is resolved by chance. But for others searching:

 

After restoring from a backup configuration, your password will be set to whatever it was when the backup was taken. This is not ideal, since the user is prompted to set a password after a factory restore, a common troubleshooting step. In that process, in newer versions of MS Edge, the new password could be automatically saved by the browser without notice, therefore destroying the viability of the backup. That's because the backup contains the original password, which MS Edge will overwrite automatically.

 

Simply put, config files should be plain text. This appears to be an oversight, or some misguided attempt at "security."

Message 4 of 10
FURRYe38
Guru

Re: Lost Password During Restore

And you might save off a new backup config that should now have the corrected or new admin password. 

Message 5 of 10
00sivan
Aspirant

Re: Lost Password During Restore

Can you elaborate on your suggestion? I must be missing something.

 

How will making a new backup prevent Edge from saving the new password that you are forced to set when you factory restore?

Message 6 of 10
00sivan
Aspirant

Re: Lost Password During Restore

Let me explain why a new backup doesn't work.

 

Create a backup -> Factory Restore -> Forced to Set a password (does not populate from browser) -> Perform troubleshooting/testing -> Restore from backup -> Edge Saved password no longer matches config file

 

Essentially, config files don't work with MS Edge unless you turn off automatic password storage. It's likely this could affect Chrome users in the near future if automatic password saving is enabled.

Message 7 of 10

Re: Lost Password During Restore


@00sivan wrote:

 

.... the user is prompted to set a password after a factory restore, a common troubleshooting step.


Does the router prevent you from settiong the "new" password to the one you had before the reset?

 

I have done that many times.

 

Of course, it does mean that I have to remember the pre-reset password.

 


@00sivan wrote:

Simply put, config files should be plain text. This appears to be an oversight, or some misguided attempt at "security."


Do that and you don't have a secure password.

 

That's why everyone on the planet shouts out for encrypted passwords.

 

A good way around this is to user a password saver. I have used RoboForm for years and hate it. I would love to have a better option that lets me transfer my data from RoboForm.

 


In that process, in newer versions of MS Edge, the new password could be automatically saved by the browser without notice, therefore destroying the viability of the backup.

You can disable password saving in Edge.

 

Message 8 of 10
00sivan
Aspirant

Re: Lost Password During Restore


"Does the router prevent you from settiong the "new" password to the one you had before the reset?"

It doesn't, but the new password form doesn't vibe with the way Edge recognizes password fields, so the user is not offered to use the existing password. Essentially, the existing UX is herding users towards disaster.

 

"Do that and you don't have a secure password."

That's simply not true. Operating system ACLs work fine. If you are even more worried, file encryption is also available.

 

"That's why everyone on the planet shouts out for encrypted passwords."

If we're talking about passwords stored in a database, I might agree with you. In a database, you should have them encrypted. That's because encrypting the entire database is highly resource intensive, compared with encrypting the entire file system. But we're now on a very tangential topic. The point is that there is no benefit to encrypting a config file that's already in an encrypted disk on an encrypted operating system. The option should be in the administrator's hands, and if the encryption is required for security, like everyone is supposedly shouting, then the choice should not be taken away from the administrator, instead the UX should ask for an encryption key when exporting the config file. Best of both sides of the security debate.

 

"A good way around this is to use a password saver."

Indeed, we are talking about the most ubiquitous password manager that ships with the most ubiquitous desktop operating system; Microsoft Edge. It's just this most ubiquitous password manager doesn't appear to work very well for Netgear's config file backup mechanism. I would hope Netgear pursues compatibility with most systems.

 

"You can disable password saving in Edge."

Agreed. That's what I recommended. What isn't clear is how the suggestion of an additional backup would help in any way. I believe the correct solution from Netgear's perspective should be to include a warning on the Factory Restore page that suggests the user disable automatic password saving in Edge before proceeding. OR, don't encrypt my config files with an encryption key I don't have. I'll encrypt them myself. I'm the network admin. Netgear is not the network admin.

Message 9 of 10

Re: Lost Password During Restore


@00sivan wrote:I believe the correct solution from Netgear's perspective should be to include a warning on the Factory Restore page that suggests the user disable automatic password saving in Edge before proceeding. OR, don't encrypt my config files with an encryption key I don't have. I'll encrypt them myself. I'm the network admin. Netgear is not the network admin.

Good idea. In general Netgear does a poor job with passwords.

 

Netgear tries to protect people from doing silly things – not everyone is a security expert – but in the process it can land them in a mess.

 

For example, the whole "password recovery" routine is broken on older devices, perhaps even on new ones.

 

It is possible to set up a device without completing the Q&A process that is supposed to let users get back in by answering those questions. Then when they have forgotten their password they get stuck in a closed loop. The questions come up, but the user doesn't know the answers. Or it starts filling in what it thinks are the answers to those generic questions. But the answers aren't stored in the router. So you get bounced back to the beginning of the password recovery loop.

 

People turn up here regularly with that one. The only way out is a reset.

 

 

Message 10 of 10
Top Contributors
Discussion stats
  • 9 replies
  • 2644 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi 770 Series