I’ve never sad this, but God, please send to hell directly the person who wrote such small and unreadable default password.
Thanks.
hap ax2. no other stickers with password btw.
Is there a hell for labelprinters?
It’s security feature against hackers with bad vision 
All of the Mikrotik devices I ever dealt with (hEX, RB5009, hAP ac2, CRS125, LDF 2) had no default password. Did something change? Is your router provided by ISP?
New models come with default password which is on the cardboard box and also on the router itself.
ALSO it is available from your distributor in a digital document / CSV.
Newer batches have improved label print quality and do not have ambiguous characters (0/O etc)
Thanks. When has this change been made? Does it apply to all newly produced devices or just specific new models?
During this year it has been slowly rolling out for home user type of models. Home users often never connect to their devices, leaving them without protection and open for Trojan software from the LAN side.
Not that it actually matters[1], but earlier (in other threads) it was mentioned that the change was prompted by the need for compliance with this (or that) EU regulation (possibly the GDPR or more strictly one of the possible interpretation of its vague requirements).
Now you put the blame on the (stupid) home/hobby users.
Still it would be nice to know if it is a new, own, Mikrotik initiative to protect the (stupid) home/hobby users from themselves and their lack of security protocols implementation or if it is the EU that is “protecting” us.
[1] though I would like to know, whenever a little bit of freedom is removed, who does that and what reason there is behind that - even tiny - removal
It is one and the same. Many country regulators are working towards such requirements, not just the EU. And they are doing this because of the users. Did you think it was just baseless regulation to annoy people?
I don’t think it’s a removal of freedom. It would be for example if the password couldn’t be changed.
I think the default password is actually a good idea, as I know from experience how common it is for people people to not care about configuring their equipment and just want it to work out of the box. I don’t mean networking hobbyists, but rather an average Joe who just wants Internet, or an electrician who has to install a network connection for collecting production data from a PV power plant.
I know I do sound picky, basically because I am actually picky (besides being old and grumpy, and cheap, but this latter is not relevant here), but what the EU (and other regulators) often do is
- do something (that usually means some added regulation, often causing lots of headaches in the population that must comply)
- communicate some (usually bogus) reasons[1] why they did that (while patting themselves on the shoulders for how clever they have been)
Of course there is nothing that we (stupid) home/hobby users can do about the regulation or the decision by the manufacturer but I still would like to know if I have to thank for this (tiny in the specific) annoyance the EU or Mikrotik.
With a good magnifying glass and adequate lighting I did manage to decrypt the password on the label of some just arrived hap AX lite’s, probably this is one of the new batches that do not have “ambiguous” characters (or I was lucky and the password did not contain them by pure chance), so not a real problem, only an annoyance, and there are two levels in it, one is the regulation or decision by Mikrotik, the other one is the way it has been implemented, the OP is venting about the latter only and I have to concur with him.
[1] mind you, very often there are good reasons, only the stated ones are different
I grab my phone to photograph the label on each one on unboxing.
- I have a permanent record on hand (including MAC addresses, serial) in case of need.
- I can easily expand the view for readability, no separate magnifier involved.
- I can see the passwords on or adjacent to my computer when using them, rather than peering at the router.
An SXT LTE6 kit 2023 that I bought yesterday has just arrived, and indeed it has a default password. I can read it clearly, presumably it’s one of the newer labels but I don’t have any of the old ones to compare.
Thanks for the info. No idea of that.
Regards.
Imho,
Why we need to depends on distributor for that as already mentioned in the yt vídeo about this, they are not Required to provide that file.
Why Mikrotik don’t provide a tool in Mikrotik account that by informing the serial number it shows the serial..
This is a cleaner and better user experience…
My hap ax2 I had to basically guess if was a K or R I have used Google lens to help me out now I have this written in my password manager…
Or just throw separate piece of paper into the box, with that password, with properly sized font like 10 or 12.
I bought 3 new RB devices lately and it was a real pain to get these up and running,
since that password was pretty much unreadable and my eyes literally bleeded 2 days in a row afterwards from attempts to decipher these.
I do have my comments as well on the implementation (not the fact it’s being done, that’s legislation):
- Labels only being used for 2/3 of the available space (still saw it on the latest AX Lite I bought)
- ambiguous characters (ok, that’s been handled so it seems)
- passwd only on device (latest devices I’ve seen had a separate paper in the box, still way too small though …)
But let’s not complain over it more then needed.
Camera x3 zoom, picture and done.
All those pictures go in my note taking app so I always have them available (can even search on MAC address there so quite easy to find one back if needed).
It is a problem, certainly, but not one which can not be solved.
I still don’t understand how other vendors get away (legally speaking) with forcing users to change the default password on first login and MikroTik had to resolve to this random password nonsense…
It would seem that simply forcing users to change the password in order to use the device is enough (legally) if everyone else is doing it.
The only place where I’ve seen random passwords being forced is CPEs that ISPs give out to customers and AVM’s hardware. No consumer product I’ve used so far has this random password policy.
Another potential label issue here.
Just bought a brand new hAP ax lite and neither of the label passwords work.
Tried resetting the device and when I RouterOS factory default it I can access it with winbox using MAC-address (obviously I’ve then lost all the nice configs)
Loading back the default settings gives me the correct IP and wifi functionality back but still the logins claim wrong passwords.
My label is readable but it has some ambigious characters (such as zeros) - tried various combinations.
Any change the label or wrong / swapped / corrupted ?
Also what to do? I don’t want to manually configure everything from command line …
Make sure to really use all possible combinations of those ambiguous characters.
Also, camera zoom x3 helps !
Your distributor should be able to get the password based on mac address.
And otherwise, have it replaced !