Trouble with Mikrotik passwords? Read here

I have put together a small spreadsheet that may help when there is trouble logging in the first time on one of the newish Mikrotik devices that come with a factory default password printed on the label on the device.

The spreadsheet is (should be) self-explanatory:

I am attaching it in two versions, one with some added VBA code that automates some things and one "novba" for people that do not run Excel or that are paranoid and believe that spreadsheets with VBA code are a risk. Of course this latter needs a little more care when playing with it, as everything is "manual".

passcheck.zip (18.6 KB)
passcheck_novba.zip (12.5 KB)

I am not too sure that the information in it is complete and accurate, so I am posting it below for review and comments:

Older devices have user "admin" and blank password.
Newer ones, starting from around mid-2023, have a pre-set password.
This password is printed in two places: a label stuck on the actual device and a copy of it stuck on the paper pamphlet/instructions.

Characteristics of Mikrotik passwords printed on device labels:

  1. They are printed in a tiny, almost unreadable, font.
  2. The chosen font is a sans-serif kind, which helps make a few letters/numbers indistinguishable.
  3. In particular, zero ("0") does NOT have a center dot or a slash and it is VERY easy to read it as a letter "O".
  4. It is also very easy to mistake 1 for I.
  5. Other mistakes are possible, but the most common ones are the two above.
  6. The password is 10 (ten) characters long and ONLY UPPERCASE LETTERS are used in it.
  7. No special characters, only A-Z and 0-9 are used.

It is advised to use a good magnifying glass or take a picture and enlarge it 3x to be able to read the password correctly.

3 Likes
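A small checker for a transcribed label password, built only on the rules stated in this thread (10 characters, A-Z and 0-9, the 0/O and 1/I confusions, and the non-ambiguous set 479 / ACHJKLNTUX posted further down). This is an added example, not the logic of the attached spreadsheet; the function names are hypothetical and the sample password is constructed.

```python
from itertools import product

# Rules stated in the thread: 10 characters, only A-Z and 0-9.
LENGTH = 10
ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
# The two most common misreadings named in the thread.
CONFUSABLE = {"0": "0O", "O": "0O", "1": "1I", "I": "1I"}
# Characters the thread's table lists as surely non-ambiguous.
SAFE = set("479ACHJKLNTUX")


def check_format(reading):
    """Return a list of problems with a transcribed label password."""
    problems = []
    if len(reading) != LENGTH:
        problems.append(f"length is {len(reading)}, expected {LENGTH}")
    for pos, ch in enumerate(reading, start=1):
        if ch not in ALPHABET:
            problems.append(f"position {pos}: {ch!r} is not A-Z or 0-9")
    return problems


def recheck_positions(reading):
    """1-based positions whose character is outside the non-ambiguous set."""
    return [pos for pos, ch in enumerate(reading, start=1) if ch not in SAFE]


def alternative_readings(reading):
    """All readings obtained by swapping 0/O and 1/I, original first."""
    options = [CONFUSABLE.get(ch, ch) for ch in reading]
    readings = ["".join(combo) for combo in product(*options)]
    readings.remove(reading)
    return [reading] + readings


if __name__ == "__main__":
    sample = "A0KX1T49HJ"  # constructed sample, not a real device password
    print(check_format(sample) or "format OK")
    print("positions to re-check on the label:", recheck_positions(sample))
    for candidate in alternative_readings(sample):
        print(candidate)
```

The number of alternative readings doubles with every 0, O, 1 or I in the transcription, so re-reading the flagged positions under magnification first keeps the list short.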

1: has been corrected lately. I still do have a problem though for some devices where there is really a lot of white space so the font could easily have been made larger. But alas ...
Example:

Even recent Hex S has this "problem".

3: latest devices I have seen either have a struck-through zero or no 0 at all in the passwd. They try to avoid ambiguous characters now.
4: can be lowercase L, figure 1 but also uppercase i (been there, done that, seen it happen)

I did see in the past a struck-through zero in the MAC address but then a non-struck zero in the passwd.
Really funny ... NOT !

Yep, but we have no way to know since when they changed font and/or policy.
Anyway this thread is for those people that have trouble logging in, if the password is clearly readable and 0's can be recognized from O's they won't have such troubles.

We don't even know when exactly they started putting passwords on devices, in the text I wrote mid-2023, but I am not too sure about that and maybe it depends on different device models (on different assembly chains).

I have looked around a bit about what can be considered "ambiguous", many are related to either lowercase characters and hand-writing, as an example 9qg are almost indistinguishable hand written (and also qg in - say - Courier), the number of UPPERCASE only ambiguous characters is much more limited, still the surely non-ambiguous characters are surprisingly few, from my table:
Numbers: 479
Letters: ACHJKLNTUX

This is a KEY point, all the passwords I have seen are UPPERCASE characters only, so lower case L is a non-possibility, but maybe my sample is too small and in some case lowercase characters have been used?

You are correct on that last point.
Should be indeed upper case only which rules out lower L.

At work we order a lot of equipment and register it in our CMDB, and almost all manufacturers include a small barcode for things like serial number and MAC address on box labels. It would be very convenient if MikroTik did that as well, including for the password.

Of course not everyone has a barcode scanner, but for those who have one it makes it much easier to read the correct info from the labels.

I recently installed 4 “netbox” devices and they still had the old bad password font. But these are probably produced irregularly and kept in stock for a long time. I also ordered an LHG and expect the same. It is unbelievable that nobody at the factory realized this when printing the first label and trying to read it. Also it would have been easy to not use certain characters like 0 1 I O in passwords.

@holvoetn
Good. 🙂

In the meantime I made a quick table with some common and some less common fonts to see how it can actually look.

The surprises (to me) are that the so-much-hated Comic Sans is not that bad, and that our "resident" code font JetBrains Mono, while making it easy to distinguish 0 and O, is not so good at 0 and 8 and O and D 😬:
08B80ODO

It would already be so much better if they had used lowercase characters for the passwords…

It would have avoided the 0O, 1I (0o and 1i are so much better), but only shifted the prevalent issue to other characters, typically from 1I (1 CAPITAL i) to 1l (1 small case L) and the new entry gq.

Of course using “courier” font would solve a lot of issues as well…