II. Resetting & Router Firmware

Recovering or bypassing a lost or unknown router password (backdoor)?

Password Best Practice

You should always set a secure password  to your router's admin interfaces, and, in a corporate environment change it when a change in personnel happens. You should also have rules in place about how passwords are kept and disclosed to others and, where appropriate, have password safes or procedures in place so that there is always more than one person with access. Your employee contracts should also require passwords to be disclosed to management when required. Most of our routers do allow more than one username/password so you could have ones for each admin but then an additional emergency one for directors.

---

What protection does a router password provide?

The password is an important part of your overall security. If someone can access your router, they can change the configuration, remove protections, set up VPNs to allow them remote access to your LAN, lock you out or control your access or otherwise cause mischief or damage, whether deliberate or unintentional.

How do passwords get 'lost' ?

There are circumstances where a password may be lost, forgotten or the person who set it is either no longer available or for some reason is refusing to release it to you. Sometimes, the person may simply be unavailable temporarily when you need access. There are many cases of IT providers/consultants/employees refusing to disclose passwords when they leave in a dispute or just refuse to cooperate.

Are people allowed to refuse to provide a password ?

Firstly, it is entirely unethical for a contractor or employee to withhold information in this way and there are many laws around the world which protect against it - including people being sent to gaol under various computer crime laws. If a former employee or contractor is withholding your passwords, they should consider the professional/reputational damage they might suffer, or the risk or prosecution or other legal action they might face.

Okay, but how do I bypass a router password?

You can not.  There are no mechanisms designed within DrayTek routers to allow you into the admin interfaces without the admin password - i.e. no backdoor which can bypass the password.  Whilst, for the reasons explained earlier, there are legitimate reasons for needing to bypass a password, providing such a facility would put the security of all owners at risk for the sake of users who may, perhaps through no fault of their own lose their password.

So now what?

If you don't have the password, the router will carry on working as it is, but if you need to change any settings, the only way you can get back into the router is by resetting it. That clears all settings and restores the router's default password.  You should therefore do this only once you are confident that you have all information and enough time to configure your router from scratch. That includes your ISP passwords, any firewall plans, VPN setups, content filtering plans etc.

Before resetting the router, check that the router is powered up and operating normally.

To perform the factory reset procedure, press and hold the RESET button for 5 to 10 seconds.

When the Factory Reset occurs, the ACT LED will blink rapidly, the router will restart with default settings and password.

---

How do you rate this article?