Synoguide · April 30, 2019

The most important security setting for your Synology: The reset option

I received this comment on my article on how to reset the Synology password last week:

“Hello! Very interesting article and very interesting blog.
In DSM I have recently seen an option:
Control Panel —> Update & Restore —> Reset —> Reset Option
There is an option to tick:
“Keep current admin password unchanged”
With the following explanation:
“You can keep the current admin password unchanged if you press and hold the RESET button on your DiskStation for 4 seconds for system reset”.

Does it mean that if I tick this option and in the future I forget the admin password, I will be locked out of my Synology even if I press the reset button for 4 seconds? The DSM help doesn’t mention this option and I couldn’t find info about it on the internet. Thanks again.”

Reset Option on your Synology

I wasn’t aware that the option was there, but after I checked my Synology, there it is:

  1. Control Panel
  2. Update & Restore
  3. Reset
  4. Keep your admin password unchanged

So, what does that mean?

I googled it and I couldn’t find anything, so there was only one thing left to do: try to do some thinking of my own 😉

So, what is going on? Why and when would you not want to be able to recover your password?

And then it hit me: what if somebody breaks into your office or home?

The dangerous back door….

So if a thief breaks into your office or home and knows a little bit about Synologies, the only thing they need to do to get access to all your files and the system is press the reset button.

Suddenly, what was a great feature is a huge security risk.

So all my Synologies now have that option ticked. If they break into my office, I won’t make it that easy for them to steal my data, and I recommend you do the same.

Suggestion to Synology

This is a big flaw in the Synology system. The design of this feature is flawed and dangerous.

This is a suggestion to Synology to improve this.

If I forgot my password, or the admin left the company, or... you know, you need the admin password, then yes, reset the password. But before you can access the NAS again, you should have to go through 2-step authentication, so if they want to get my data, they need to steal my NAS and my phone. Not impossible, but harder to do.

The next post will be in the configuration series, and I will talk about moving files to your brand new Synology.

Have a nice day 🙂