Password Management in AV Projects
Password management is a challenge within an audio-visual (AV) project, just as it is for individual households and businesses. AV integrators use default admin passwords to simplify the hardware installation and credential management. But new infrastructure security laws are on the horizon, requiring AV integrators and installers to be more careful with privileged passwords.
On January 1, 2020, California implemented legislation through Senate Bill 327 that requires a unique preprogrammed password for each device. The UK is working on similar legislation called The Product Security and Telecommunications Infrastructure (PSTI) Bill that will take effect in 2022. Breaking these laws has significant penalties. So, AV integrators should pay attention.
Unique Password Challenges for AV Integrators
The new regulations mean that AV Integrators need to make password change management an integral part of the project planning. Integrators and installers have to set up unique passwords and have a reliable way to manage the individual passwords for subsequent administration of the controller boxes and connected AV devices.
Generally, an installer is the first person to touch an AV controller. But after the setup, the installer should not have visibility of the newly set password. So, AV integrators need a method to set passwords securely for multiple devices.
But multiple unique passwords create a scalability problem. When AV integrators connect to the hardware remotely for maintenance, they have to factory reset the units and start with default passwords. It can complicate hardware maintenance and become a bottleneck.
Our approach for More Efficient Password Management
At Lighting Control, we set up a complex common password for all devices during the commissioning phase of an AV project. We can work faster without dealing with unique passwords at this stage. Then, at the end of the commissioning process, we use scripting tools to improve the security of the systems and add multiple user accounts.
But if the scripting tools use plain text configuration files, the control passwords and IP configurations are easily accessible. It can become a potential security risk. So, we found that the best solution is to use PowerShell scripts with Active Directory (AD) accounts. As a result, the passwords are encrypted. It ensures that installers and users can run the scripts without accessing the credentials directly.
We hope our password management best practices help you with your AV projects. If you are interested in our AV products and AV consultancy services, please feel free to contact us today.
Neil Silver
Lead Developer LCD – Crestron Programmer , CSP
Managing the Development and Custom Programming Teams on a day to day basis and responsible for Product Design and Project Oversight.