To reset or not to reset password problems

[Ghorn]

This is my first post so I would like to apologize for anything I do wrong. I recently purchased your AC2400 router model number RT-AC87R. I cannot log into the GUI, it will not accept my router login name or router password. I originally loged into the Quickstart guide using the admin default password. I changed the username and router password and gave the five and 4.2 GHz band a name and key. The next page that opened confirmed all my keys and passwords and IP's. I tested both band keys with my laptop and TV. Everything worked fine. When I went back to the web site to open the dashboard it asked me for a username and password. Nothing I used worked. Is there any way to reset the password and username or could there be something else wrong? I've searched the web and this forum and was unable to find any good information. Every time I read about a reset in this form the procedure was different. Will a reset even change the password back to the default admin password? Any help will be deeply appreciated. I don't know if you need this information but I'll give it to you anyway.

H/W Ver. A1
F/W Ver. 3.0.0.4.376_1779 (I don't think it updated)

 

[jegesq]

Here's a link to the RT-87U Manual: http://dlcdnet.asus.com/pub/ASUS/wireless/RT-AC87U/TR8971_RT_AC87U_Manaul_new.zip

Look at Page 7, picture of back of router, item 14 (described on Page 8).....that's the Reset Button. Hold the button in for 20-30 seconds, wait for the router to reboot and you should then be able to reenter the GUI....You'll have to go through the Quick Connect again, but that will let you completely reset your password for the GUI and for the two wireless SSID's.

It's pretty easily accomplished. Just push and hold in the reset and it will restore your router to factory settings. Easy Peasey.

Keep in mind that whatever password you set for the GUI is case-sensitive. To make it easy on yourself, you could just use the same password for the GUI as for the SSID's, but make sure you're using at least WPA-2 AES security at a minimum on the 2.4 and 5 ghz SSID's.

 

[RMerlin]

I also advise to be careful with any automatic form filler your browser might be using. Before resorting to a factory default reset, make sure your browser isn't prefilling the field with the wrong password or username.

 

[PhilInWA]

PW Over 15 Chars Can Be a Problem

I was able to enter what seemed like a 16 char password in the GUI. When I went to log in, I entered 16 chars and was rejected. I tried entering the first 15 chars and it worked. The change PW dialogue only accepts 15 chars but it seems that the enter PW dialogue accepts 16 or more.

Edit: Merlin 378.50 tested today accepts 16 characters MAXIMUM in the Administration/System password field. The windows password entry dialogue accepts more. You can be lulled into thinking that you have a longer than 16 character password when you don't and think you are locked out of your router.

 

[RMerlin]

I was able to enter what seemed like a 16 char password in the GUI. When I went to log in, I entered 16 chars and was rejected. I tried entering the first 15 chars and it worked. The change PW dialogue only accepts 15 chars but it seems that the enter PW dialogue accepts 16 or more.

No problem entering 16 characters on the change password dialogue here.

 

[L&LD]

What browser did you use originally? Did you copy and paste the password with maybe a space on the end? Or, possibly missing that last character?

I have been using 16 character passwords for many customers and Asus / RMerlin routers and never had a problem with any of them.

 

[jegesq]

Agreed. I too use 16 characters and have had no issues. As L&LD says, be especially careful with blank spaces when cutting and pasting from a form or some other text. It's quite easy to unintentionally put in a blank before the leading character or after the last one and you won't really even know it. So don't cut and paste, just type it in by hand to avoid the issue.

 

[AdvHomeServer]

Agreed. I too use 16 characters and have had no issues. As L&LD says, be especially careful with blank spaces when cutting and pasting from a form or some other text. It's quite easy to unintentionally put in a blank before the leading character or after the last one and you won't really even know it. So don't cut and paste, just type it in by hand to avoid the issue.

This is a good topic for a talk about passwords in general. I agree that commercial routers or any router with remote login capabilities should have a complex password. Passwords for anything that holds value should also be long, complicated, and different among accounts with value.

My wifi password is pretty long and odd because I don't want to support the neighborhood with free wifi.

My home router has a pretty simple password because it's never accessible from the internet and I don't have to worry about some horrible person playing tricks just to see the look on my face. I actually use some of the famous 'never use these passwords' for some junk accounts along with a toss away email address or a fake name.

What's so important about a long and complex password for a router when anyone who wants it can just press the reset button?

 

[RMerlin]

What's so important about a long and complex password for a router when anyone who wants it can just press the reset button?

This being a theoretical question, I have a theoretical answer: to protect the other confidential info stored in your router: password to a PPPoE account, OpenVPN access keys, password to your DDNS account, etc... All of these will vanish after a reset.

 

[L&LD]

In addition to RMerlin's response, if the intruder can physically press the reset button, other more pressing issues should be addressed first.

One of my goals when configuring a new network for a customer is to make it readily apparent that the router was reset to defaults. I do this by using static addresses on printers, NAS' and other devices such as the main computer, usually the owners. I also choose an offbeat IP range such as 192.168.99.xxx, for example.

If or when the router is physically reset, not only has someone (usually) entered a restricted area, but they have also disabled the core functionality of the network too. This is where I'm usually called in. And because I've explained to the customers what has probably happened, they call me fast.

Not securing a router from a physical attack is a false sense of security. The best viruses or hackers don't announce to your face you've been hacked. They simply wait patiently to see what digital goodies you give them freely instead.

 

[AdvHomeServer]

Not securing a router from a physical attack is a false sense of security. The best viruses or hackers don't announce to your face you've been hacked. They simply wait patiently to see what digital goodies you give them freely instead.

True, that's why I keep my front door locked ... and for reasons other than my router.

But, assuming away remote access, commercial installations, and out of control household members, why can't password be an acceptable password for getting into my router's innards.

 

[L&LD]

True, that's why I keep my front door locked ... and for reasons other than my router.

But, assuming away remote access, commercial installations, and out of control household members, why can't password be an acceptable password for getting into my router's innards.

Because it assumes that anyone that has access to your house has your best interests in mind.

 

[AdvHomeServer]

Because it assumes that anyone that has access to your house has your best interests in mind.

What if the average person in the household has no clue, interest, or concern about the router unless it's not working? This describes 99.9% of households, with the remainder being goofballs of one kind or another.

Same question as before.

My point ... sometimes passwords are the weakest link. Other times they are barely necessary.

 

[RMerlin]

What if the average person in the household has no clue, interest, or concern about the router unless it's not working? This describes 99.9% of households, with the remainder being goofballs of one kind or another.

Same question as before.

My point ... sometimes passwords are the weakest link. Other times they are barely necessary.

The "nice" thing about passwords is that you can adjust their level of security based on your situation. The password to access my router at home is far simpler than the one to access the Entrust Cloud Service Portal. Especially as I must type that router password far more often than any of you guys But it's still not "password" or "123456".