No more default password for new PWs?

Just had install done. Trying to connect to backup gateway via LAN and S<serial_num> doesn’t work as default password. The password *does* work for WiFi password for TEG_xxx AP. No joy for installer or customer login.

FW: 1.21

There is option to “reset forgotten password”, though didn’t want to mess anything up in my ignorance ;)

It is highly likely I’m doing something dumb here, though is it possible/feasible that the default password is no more? DM if needed :)
 
There is option to “reset forgotten password”, though didn’t want to mess anything up in my ignorance

There was supposed to be some issue with people being able to adjust the settings of your powerwall using WiFi from the street, if they knew your system's serial number (by trespassing once, and reading it, I suppose). The new passwords appear intended to prevent that, but resetting them just requires knowledge of the serial number. There's some mention of turning the powerwall off and on at the switch, but I don't seem to have needed to do that. In any case, if your powerwall's outside (mine's in the garage), then a trespasser can switch it off and on, and then reset the password. Unless you're one of the relatively rare users who's using the web interface, you'd never notice.

I think Tesla have thought "there's a problem, we must do something..... this is something, so we must do it." without really thinking the issue through.

The switch to https doesn't seem to have achieved much if anything either.

Resetting the password is harmless.
 
I haven't tracked down exactly when the Powerwall is in a "trusting" mode and when not (maybe it has to do with when the installer last authenticated), but under normal operation I've definitely had to toggle the Powerwall switch to do a password reset.

I actually think this is a reasonable security precaution as a significant number of installs will be in garages or in other "secure" areas, so it does have a benefit to at least a portion of their user base. It's much harder to secure a device to which the attacker has physical access in any case.

The switch to https means that the password is doubly encrypted so a WPA attack isn't sufficient to sniff the password (if you're authenticating over wireless). I think it's not too extraordinary to see this kind of security layering, although I do wonder why they thought it was necessary. Maybe it has something to do with the virtual power plant installations.