Systems without passwords

Updated: April 19, 2023

To log into a system, users must authenticate themselves to it. Two common approaches are providing a username/password pair and using public-key cryptography. Either way, it is undesirable for multiple systems to be configured so that the same set of credentials can be used to log into each of them.

QNX recommends that customers not include default passwords in their QNX-based products, to avoid creating a master image that contains passwords. A password that is shared across thousands of devices and known by many developers cannot be kept secret. Some countries are introducing legislation to prevent products from using hard-coded or default passwords.
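One way to enforce this recommendation at build time, as an added example that is not QNX code: a check that scans a staged image's shadow file and reports any account that would ship with a password hash or an empty password. It assumes the common shadow(5) layout (`name:password:...`) and the convention that a password field beginning with `!` or `*` cannot match any password; confirm both for the target's login stack. The sample entries are constructed.

```python
"""Release-gate check for a master image: flag accounts in a staged shadow
file that carry a shared credential. The entries in SAMPLE are constructed."""
import sys

# Constructed sample input (not taken from any real image).
SAMPLE = """\
root:$6$c0nstructed$notarealhash:19466:0:99999:7:::
service:*:19466::::::
updater:!:19466::::::
guest::19466::::::
"""


def classify(field):
    """Classify the password field (second field) of one shadow entry."""
    if field == "":
        return "empty"      # account accepts a login with no password
    if field[0] in "!*":
        return "locked"     # assumed convention: no password can match
    return "password"       # a hash baked into every copy of the image


def audit_shadow(text):
    """Return [(line_no, user, kind)] for entries that should not ship."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) < 2:
            # Fail closed: an entry we cannot parse is reported, not skipped.
            findings.append((line_no, parts[0], "malformed"))
            continue
        kind = classify(parts[1])
        if kind != "locked":
            findings.append((line_no, parts[0], kind))
    return findings


if __name__ == "__main__":
    # Usage: pass the path of the staged shadow file; with no argument the
    # constructed sample is audited instead.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    results = audit_shadow(text)
    for line_no, user, kind in results:
        print(f"line {line_no}: account '{user}' ships with: {kind}")
    sys.exit(1 if results else 0)
```

A non-zero exit status lets an image build pipeline stop before the image is released.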

Possible solutions

Many services (e.g. sshd) authenticate a user using PAM (Pluggable Authentication Modules). By creating a custom PAM module, access can be configured in a number of different ways. Given that providing root-level network access is a serious security concern, any solution likely needs to favor security over convenience. Some features to consider are: