Systems without passwords

Updated: October 26, 2022

In order to log into a system, users must authenticate themselves to the system. Two common approaches for doing so are by providing a username/password pair to the system, or by using public-key cryptography. Either way, it is not desirable for multiple systems to be configured in such a way that the same set of credentials can be used to log into each system.

QNX is recommending customers do not include default passwords in their QNX-based products to avoid the creation of a master image with passwords. It is impossible to keep a password secret that is shared over thousands of devices and known by many developers. Some countries are introducing legislation to prevent products from using hard-coded or default passwords.

Possible solutions

Many services (e.g. sshd) authenticate a user using PAM (Pluggable Authentication Modules). By creating a custom PAM module, access can be configured in a number of different ways. Given that providing root-level network access is a serious security concern, any solution likely needs to favor security over convenience. Some features to consider are: