Menu
What's new
By:
Filters Better Search

Changed router ID/password, now can't access

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

choleric

choleric

Regular Contributor
I have an Asus RT-AC68U running ... a pretty recent version of the Merlin firmware. Sure wish I could check which exactly.

I just changed the router login ID and password. And now, when I try accessing 192.168.1.1, I get the dreadful "This site can’t be reached ... 192.168.1.1 refused to connect." message.

However, the router continues working fine. Internet connectivity is normal.

I rebooted it, no change.

I have no clue why simply changing the ID/password would cause such an issue.

So what is the magic handshake to reset this thing? I'm assuming that's what I'm going to have to do.
 
Keep the reset button pushed in till the power light flashes.
 
I created a thread in the general Asus forum, but after looking at the manual for my RT-AC68U, I think it may be a more Merlin-specific issue. Not sure.

I have an Asus RT-AC68U running a very recent version of the Merlin firmware. I can't access the router to check exactly which version, and it probably doesn't even matter.

The issue began as I tried changing the router login ID and password. Soon after I clicked "Apply," I could no longer even connect to the router. When I try accessing 192.168.1.1, I get just "This site can’t be reached ... 192.168.1.1 refused to connect."

However, the router itself continues working fine. Internet connectivity is normal.

I rebooted it, no change. I have no clue why simply changing the ID/password would cause such an issue.

I just want to make sure I know how to resolve this, before I start messing with it. Do I just hold the reset button until the light flashes--and then I will be able to access the router with default Merlin settings, and restore my last backup? Is there anything else I'll need to do?
 
Well, let me just answer my own question, in case someone else deals with this aggravation and finds this thread; perhaps after having the pure audacity to change their router ID and/or password.

I had to hit the power switch on the back of the RT-AC68U to power it off. Then I held the reset button in with the tip of my pinky finger and powered the router on. This put it into recovery mode, accessible by opening http://192.168.1.1 in a web browser.

I then used the "erase settings" or "revert to NVRAM defaults" or whatever-they-called-it function, and then rebooted the router using the same recovery mode web page. After it rebooted, I was able to access a router setup page, which is where my last shred of sanity started melting away, because all I wanted to do was revert to saved settings, but it forced me to mess around with the internet connection and Wi-Fi setup.

Eventually I made it happy and got to the default Merlin interface, got my blood pressure down to levels typically associated with hostage situations, and was able to upload the settings I had THANKFULLY saved a couple weeks ago.

My best guess on what caused the issue is that the ID and password I used were too long, and included naughty, disallowed characters. Or maybe it was just the password; I don't know. No length or character restrictions are provided for the ID, but I had used one that was 30 characters and alphanumeric. I had not noticed it at the time, but the help tip for the password says that "Password cannot be greater than 16 characters." I had fed it a 30-character password with symbols included.

Usually, on crappy web sites that also push the limits of my sanity, if you supply a password that is beyond the mysterious maximum length allowable, what happens is that your password is silently truncated, and you find yourself unable to log in afterward. Here, I'm guessing it either doesn't like symbols I used for the password, or the 30-character length itself made it shoot itself in the head.

Now, here's what is mysterious to me:

(1) Why the length and character restrictions for both the ID and password would not be plainly shown;
(2) Why it would allow too-long credentials, or those which include disallowed characters, to be entered in the first place.

...and

(3) Why this message was queued for moderator approval.
 
It's all good now. Everybody's happy.

As for 1 and 2: Not everything is bulletproof.
For 3: You used a word that triggered the the mod flag, happens to the best of us.
 
Seems painfully obvious to me that whatever restrictions there are on an ID and password need to be handled by the GUI; not just accepted so they potentially break the back-end. Not everything is bulletproof... Not really sure what that is supposed to convey, but it's less than cold comfort since my Xmas day was pissed away and I'm still in a lousy mood. "Oh hey, the seat belt failed and your child died? Oh well, not everything is bulletproof!" Good one.
 
Well here we are again. Everything was fine for a few days, but I just updated to the latest Merlin release, and everything was fine until I again changed the ID and password. And now, I am again totally unable to connect to the router. Same issue as when I started this thread to begin with.

Here are the exact ID and password I used. I'm putting them here because there is simply no risk in doing so. I don't think it is an ID/password length or character issue.

ID:
TmUGYVQkJdINW77L

Password:
UEZEO80BJH0y6CFy

So, why would setting this ID/password (each 16 alphanumeric characters) make my RT-AC68U completely inaccessible, right after I click Apply?

I am not blaming RMerlin whatsoever, let's clear that up. At this point I'll take help wherever it comes from.
 
What happens if you leave the ID as the default, and just change the password?
 
Try limiting the length of both ID and password to 15 instead of 16 characters. Merlin has been closing potential buffer overflows and making sure that all strings are properly terminated (possibly making the actual user length 15 instead of 16).
 
My ID had already been changed from the default. The previous (i.e. working) ID was 6 characters, and the password (again, working) was 7 characters. I will try changing them both to something 15 characters when I have the stomach for it.

All this in the name of security, due to having read about recent router security issues.. Just have to love the irony and the idiocy of it. I tried doing the "right thing" (whatever the f*** that is), yet I've posted the actual ID and password I used, and everyone in the world knows the length my new ID and password will be, which drastically reduces their security. I may just go back to admin/admin, spread my cheeks and let the scumbags have their way. I may get owned but at that point I will take a sledgehammer to my PC and go full Luddite.
 
choleric said:
My ID had already been changed from the default. The previous (i.e. working) ID was 6 characters, and the password (again, working) was 7 characters. I will try changing them both to something 15 characters when I have the stomach for it.
Click to expand...

Nobody is saying you have to use 15 characters but rather that is the max to use.

Really no reason to change the default ID just change the password.

Right now my password is 14 characters with ID on default of admin.
 
A random ID is just as valuable as a random password. At least until some scumbag gets hold of both and neither matter anymore. Thanks for the advice. :)
 
choleric said:
A random ID is just as valuable as a random password. At least until some scumbag gets hold of both and neither matter anymore. Thanks for the advice. :)
Click to expand...

I have been using routers for close to 20 years and have never changed the user ID and have never had someone "break in".
Also, some routers do not like the user ID to be changed even though you can change it and then you run into login issues for whatever reason.
 
Yeah, I've also been using routers just as long and never had someone break in. I'm just trying to abide by best practices. People usually mock me for it, and I'm getting the same BS now. Mocked for putting tape over my webcam (until they find out there's good reason to). Mocked for using random IDs rather than just passwords (until it becomes clear why it makes sense to do so). Whatever. I'll just be an idiot and use admin/admin and at least this crap firmware will be happy, even if I won't once some scumbag breaks in. I'm so absolutely sick of having to worry about this BS and I get crap no matter what I do. Run into bugs and condemnation no matter what I do. "What? You write down your passwords?!" no wait "What? You use an online password service?! You're crazy!" no wait "What? You don't use an online password service?! You're crazy!"
 
Since it appears the user is now gone: User name checks out.
 
thelonelycoder said:
Since it appears the user is now gone: User name checks out.
Click to expand...

Rage quit?

Anyways - OP brought up a point that has crossed a few threads - and the Asus WebUI could do a better job of bounds checking - if someone is locked out, that means something is wrong - and that's that...

I know RMerlin has been doing some fixups - but generally it tends to point at Asus (and Broadcom's SDK) in general - lots of places there where things can go wrong...
 
Last edited:
sfx2000 said:
Anyways - OP brought up a point that has crossed a few threads - and the Asus WebUI could do a better job of bounds checking - if someone is locked out, that means something is wrong - and that's that...

I know RMerlin has been doing some fixups - but generally it tends to point at Asus (and Broadcom's SDK) in general - lots of places there where things can go wrong...
Click to expand...
No doubt, we all agree with you. But OP knew of the limitation after the first mishap and tested the boundaries again.

But I agree with @choleric, the username, and therefore the admin account on the router can be changed, so why should you not.
It does not matter if it is 5 or 15 characters long. If that is the users preference and a field to select one is given, then they may do so.
 
You must log in or register to reply here.

Similar threads

D
Lost password recovery
Replies
3
Views
415
dlukin
D
S
SSH Issues on AX86U with Merlin 388.2_2
Replies
2
Views
574
Sonofdavidsfather
S
kernol
wanduck: WARNING - router is in manufacturing mode
Replies
2
Views
731
kernol
kernol
J
Update Username/Password in ASUS Router App After changing these remotely by VPN
Replies
3
Views
1K
iFrogMac
I
M
“Incorrect password” (WiFi) following reboot
Replies
14
Views
2K
wouterv
W
Similar threads
Thread starter Title Forum Replies Date
P My ASUS AX-56U date/time changed to default after WAN disconnected for over 30 minutes ASUS Wireless 10
P app router for android error 13000 ASUS Wireless 1
B Cant Setup Manuell IP if i Enter it reloades Router Page and i have to login again ASUS Wireless 3
N 12V ASUS router with the longest 2.4GHz WiFi range ASUS Wireless 39
HatfieldChris A NAS, two CT8 and a mobile router ASUS Wireless 8
R New router recommendation ASUS Wireless 18
A Router.asus.com being forced to https in Firefox again ASUS Wireless 3
T ASUS Router hard reset ASUS Wireless 3
J I've stopped IGMP, LLDP, but there is a final multicast medium by the router, via a UDP packet, any idea how to stop that? ASUS Wireless 4
M Asuswrt in AP mode - router OS internet connection ASUS Wireless 0

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 866 (members: 16, guests: 850)
Top