To view the videos, please enable JavaScript in your internet browser.

With cybersecurity concerns rising, more scrutiny is being applied to various elements of security implementation.

One of those is who knows the admin passwords of systems.

140+ integrators answered the following questions:

What percentage of your customer's video surveillance systems do you have admin access / know the admin password? Why?

Almost All Have Customer Admin Passwords

Over 90% of respondents answered that they had admin access to most or all of their customer systems, with only ~9% saying they did not.

The main reasons cited were:

Keeping customer passwords enables/speeds service

Customers forgetting/losing passwords

Customers trust integrators/do not care

While those opposed to the practice cited security concerns as the main reason for not keeping passwords.

Passwords Necessary For Service

Get Notified of Video Surveillance Breaking News Sign Up Get Notified of Video Surveillance Breaking News Sign Up

Service access, both local and remote, was the most common reason for maintaining access to users' admin passwords. Integrators pointed out that many users have limited desire or skills necessary to maintain their own systems and expect integrators to be able to do so.

"Currently we have admin access at every site that we are the provider for, as well as getting admin access on any system that we install. It is critical for our ability to perform service in the case that the IT/security director is not there to provide us admin access. So far our clients have been very receptive to our requests for admin access."

"We have admin access to about 90% of our customer's systems. Most of our customer's aren't interested in maintaining their own system or the end users have a lack of basic computer skills so we take care of them most of the time. We also have admin access for most customers so we can offer remote support without having to bother the end user with logging us in or having to remember passwords."

"All of them. We maintain them for them. We also provide them with an admin user name and password should they decide to go to another integrator. It is our responsibility to keep the customer happy with our service, but we don't lock them to us."

"Customers want us to manage if there is a problem. Most of our customers are consumers/residential homeowners"

"100% due to maintenance contracts or maintenance needs when customer calls for assistance."

"Probably in excess of 90%; they rely on us for higher level support and we can provide that quicker with remote access and admin rights."

"90% Remote management and support are important for the vast majority of our customers."

"80% we give them the option of setting up their own PW but most want us to have access so we can log in to troubleshoot"

"70%. We can't keep all of the passwords because some of our customers will not allow us, however, we try to keep records of Admin passwords so we can assist the customer when they let go employees who had the responsibility and now 'no one knows'"

Customers Forget Passwords

Some integrators simply pointed out that users often forget or lose admin passwords, so maintaining credentials themselves allows them to reset passwords or create users in the event the original password is lost.

"100% if we need to service we have rights, when and if they lose their password we can get in to resolve problem"

"90% we are typically maintaining the equipment and find customers will typically forget the password if left to them"

"80% We typically store an integrator password in the system so when/if they forget the password we can get into the system and update/add users and passwords."

Customers Trust Integrators

Finally, some replied that they had access to users' systems simply because the customer trusted them to have access, or did not care otherwise.

"Probably all of them, small customer base and they are all small companies that don't care if we have access"

"90%. Customer trusts. I have to admit most customers, especially if they are from IT, do not take access security on a security system that seriously. It ends at switch and server level. Information sharing and organization are also a key problem within our company. There is no protocol in setting up credentials. IT directors do not take it that seriously. Physical security professionals actually demand to take over credential on each hardware and software."

"100. Faster customer service. P.s. we ask for agreement before. if customer denies then we don't but as of today all my customers agreed"

Integrators Against: Security Concerns

The main concern given by those who were against keeping admin passwords was cybersecurity, feeling it is irresponsible for integrators to maintain access to users' systems after installation is complete, and potentially leading to unauthorized remote logins without users' knowledge.

"At last IPVM have listened to real and tangible issue that shadows all cybersecurity issue. Engineers should never have the details AFTER a system had been commissioned and handed over. But most irresponsible installers love to have remote logins."

"Nearly all of our large client systems retain their own Admin rights, which we do not have access to without end user intervention."

"We have an installer admin account if the client approves it and it is done by a person. We will not support a general login for multiple people nor will we have the main or only admin account. If your client does not agree with this then we feel we have not done our job as security professionals by providing value."

"Typically we can but don't keep access. We prefer to transfer that over. There are a small percentage of our clients who insist that we maintain rights."

Exceptions: Large Organizations / Strong IT Departments

The main exception to end users allowing integrators to have ongoing admin access tended to be larger organizations with stronger IT departments, as these comments explain: