When it comes to CCTV systems, most people focus on camera quality, storage and analytics. What often gets forgotten is one of the simplest and most important security steps. Setting a strong password.
A weak password on a CCTV system puts the entire site at risk. Intruders do not need to break in physically if they can log in digitally. A simple guessable password can allow someone to view live feeds, disable cameras, delete footage or interfere with alarms. This is exactly why strong password practice is essential for installers, site owners and monitoring centres.
Why strong passwords matter
A weak password is one of the easiest ways for an attacker to gain access. Some CCTV brands now prevent you from using common passwords, but many older systems still allow them.
A recent example that gained attention was the Louvre. The camera system for one of the most famous museums in the world was reportedly protected by the password LOUVRE. This shows how even high-profile sites can fall into the trap of weak credentials.
Source: https://nypost.com/2024/11/03/world-news/ai-exposes-shocking-louvre-password-security-lapses/
If something as important as a world-renowned museum can have a weak password, it highlights how easy it is for any site to overlook this basic security step.
Strong passwords protect against:
-
Unauthorised live viewing
-
Tampering with settings
-
Turning cameras offline
-
Deleting recordings
-
Disabling alarm triggers
-
Brute force attempts
-
Automated bot attacks that scan the internet for weak devices
For monitored sites especially, a secure password is not optional. It is part of responsible system commissioning.
Common terrible passwords you should never use
Below is a list of passwords that installers still come across. These should never be used on a CCTV system:
-
123456
-
Password
-
Admin
-
CCTV123
-
Welcome
-
Qwerty
-
111111
-
12345
-
Letmein
-
Camera1
-
Test123
-
000000
-
1234
-
12345678
-
ABC123
If any of these (or anything similar) are used on a system, change them immediately.
How to create a strong password for CCTV systems
A strong password should follow simple rules.
Use at least 12 characters
Longer passwords are much harder to crack.
Mix upper and lower case letters
Avoid anything that spells a real word.
Include numbers and symbols
This massively increases strength.
Avoid personal details
Do not use site names, birthdays, addresses or initials.
Never reuse passwords across multiple sites
Each CCTV system should have its own unique password.
Use a passphrase if possible
Passphrases are longer, easier to remember and still secure.
Example: CoffeeTimeFor22!
Example of strong passwords
Do not use these exact ones. They are examples of the level of complexity needed:
-
RiverEight!92Bright
-
SafeViewAccess!47
-
BrickWallLion44?
-
NightGuardReady28*
Change passwords quarterly
Passwords should be changed every three months. Technology moves fast, and regular changes reduce the risk of something being compromised. For installers, quarterly password updates should be part of the maintenance routine. For sites monitored by ARC teams, strong passwords help keep the remote connection secure and ensure no one else can access the system without permission.
If you change the password, always update your ARC.
Whether your site is monitored by Farsight or another ARC, make sure the new login details are shared securely. If the monitoring centre does not have the correct credentials, they will not be able to access the system to verify alarms or carry out routine checks.
Other important tips
Disable default accounts
Do not leave manufacturer default logins active.
Use two factor authentication where available
Many modern VMS platforms support this.
Set different permission levels for staff
Not everyone needs full admin access.
Avoid sharing passwords by email
Use secure methods or password management tools.
Keep firmware up to date
Weak firmware and weak passwords are a dangerous combination.
Final thoughts
CCTV systems are installed to protect people, property and businesses. A weak password can undo all of that in seconds. Whether you are an installer, a site owner or part of a remote monitoring team, getting the basics right makes a huge difference. Strong passwords cost nothing, take seconds to set and offer one of the simplest layers of protection available.
