I recently updated a Ubiquiti Networks PicoStation M2 from firmware v5.3.5 to the latest v5.5.2 and noticed an interesting new UI feature: a persistent message-box indicating that I was still using the default username and password for the administrator account. Normally such a message might be a nuisance, but I was actually pleasantly surprised.
The message-box in question, located at the bottom-right corner of the browser-based UI:
Little things like this make a difference. It’s a welcome reminder that Ubiquiti Networks is thinking about security when designing a product that definitely needs to be secure. Instead of instantly clicking “Dismiss”, which is practically a reflex for me (and probably anyone who uses Windows at least occasionally), I went ahead and changed the default password. Now if/when someone accesses my home network (hopefully with my permission, and by breaking into the PEAP-secured Wi-Fi network), they will at least have to do some more work than a simple Google search to change settings on my AP. On the other hand, this makes it harder for me if I forget the password. 🙂
I’m definitely a fan of the PicoStation. It’s small, reliable, reasonably priced, supports PoE, has an unobtrusive and even attractive design, and Ubiquiti provides free software updates unlike some other vendors. I had no problem implementing PEAP, and it has performed flawlessly (unlike the 3Com/HP AP it replaced). As I work on enhancing Wi-Fi coverage for my home, I will definitely be considering the PicoStation and other Ubiquiti APs.
Hey man, you have the correct approach for security thingies! I’m looking forward to read more positive articles on this 😉