Managing Passwords (Release 4.1 and Prior)

Owned by Nina Cardillo
04-Jan-2024
7 min read

For SmartServer 4.2 and higher, see Managing SmartServer IoT Passwords.

You can change, manage, and reset the SmartServer system and CMS user passwords. You can use the SmartServer system password to log into the SmartServer Configuration page as well as the system console. You can use the CMS user password to log into the SmartServer CMS. 

Starting with SmartServer 3.2, if you change the system password on a SmartServer with a CMS user password that matches the system password, then the SmartServer software will change the CMS user password at the same time. If you change the system password on a SmartServer with a CMS user password that does not match the system password, then the SmartServer software will not change the CMS user password. If you change the CMS user password from the CMS, then the SmartServer software does not change the system password. If you re-image your SmartServer, then the SmartServer's password is reset to its default (printed on the back of your SmartServer).

To change the SmartServer system password, see Changing the System Password.  This procedure will also change the CMS user password if the two passwords are the same prior to the change.

To change the CMS user password without changing the SmartServer system password, see Changing User Passwords.

See also Defining Users (Release 4.1) for additional user tasks.

This section consists of the following:

Changing Passwords for Enhanced Security

With SmartServer 3.6 and higher, if you log into the SmartServer Configuration pages and Enhanced Security is enabled, and your password does not meet the strength requirements, then the Change Password dialog will appear requiring you to change your password. 

Enter the new password, confirm the new password, and click Update to save your changes.

Password requirements

See the Conforming to Password Requirements section for more information about password requirements.


Since the Enhanced Security feature is enabled by default, and the default factory password does not meet the enhanced security password requirements, you will always be required to change your password the first time you log into the SmartServer Configuration pages with SmartServer 3.6.

If the Enhanced Security feature is disabled, then strong passwords are not enforced and changing the password will not be required. For example, if you upgrade to SmartServer 3.6 from previous release that has the Enhanced Security disabled, and you have a simple password, then the first time you log into the SmartServer Configuration pages, you will not be forced to change your password.

Enhanced Security has no effect when using SAML or OAuth 2.0 Authentication Methods. Enhanced Security passwords are used when the Authentication Method is set to Basic. 

Changing the System Password

You can change the SmartServer system password for the SmartServer system username, which is apollo.  The initial password for the apollo user is printed on the label on the bottom of your SmartServer. 

With SmartServer 4.0 and higher, the SmartServer system password (apollo) cannot be changed using the SmartServer CMS.

With SmartServer 3.6 and prior, if you change the system password on a SmartServer with a CMS user password that matches the system password, then the SmartServer software will change the CMS user password at the same time. If you change the system password on a SmartServer with a CMS user password that does not match the system password, then the SmartServer software will not change the CMS user password. 

The username and password credentials on the System Configuration page are used to access the following SmartServer interfaces:

  • Configuration web pages
  • Local CMS web pages (if enabled)
  • IAP/MQ interface
  • MQTT interface

Remote CMS -- SmartServer 4.0 and higher

With SmartServer 4.0 and higher, the password that is used to access the Remote CMS MQTT broker is automatically propagated to all SmartServers that are connected to the Remote CMS. Manual intervention is no longer required to synchronize the passwords that are used by the SmartServers to access the Remote CMS MQTT.

To change the SmartServer system password, follow these steps:

  1. Open the SmartServer Configuration page.  

    The Network Configuration page appears.



  2. Click the System tab at the top of the page.

    The System Configuration tab appears.



  3. Click Change Password.



    The Change Password dialog appears.



  4. Enter the following information:

    Password requirements

    See the Conforming to Password Requirements section for more information about password requirements.

    • New Password

    • Confirm New Password

  5. Click Update.

Changing the Apollo User Password

This section applies to Smartserver 4.0 and prior.

The SmartServer CMS has a single user account with an account name of Apollo Owner and a username of apollo. The initial password for the default account is printed on the label on the bottom of your SmartServer. You can create other CMS user accounts and assign passwords to them as described in Defining Users (Release 4.1)With SmartServer 4.0 and higher, the SmartServer system password (apollo) cannot be changed using the SmartServer CMS.

With SmartServer 4.0 and prior, you can change the apollo user password using the CMS Users widget.

To change the apollo user password using the CMS Users widget, follow these steps:

  1. Open the CMS Users widget.



  2. Click the Action button () and select the Change Password action for the apollo user.



    The Change Password view appears.



  3. Enter the appropriate password information in the Current Password, New Password, and Repeat New Password fields.

    Password requirements

    See the Conforming to Password Requirements section for more information about password requirements.



  4. Click SAVE to store the new password.

  5. Optionally, you can change the system password to match the new CMS password.

Resetting User Passwords

You can reset the password for another CMS user if your user account is specified as an Owner user type. 

Resetting passwords requires that an SMTP server has been configured for the SmartServer and that a valid email address for the user has been provided, as described in Managing Customer and User Accounts (Release 3.6 and Prior).

To reset a password for another CMS user, follow these steps:

  1. Open the CMS Users widget.



  2. Click the Action button () for the desired user and select the Reset Password action. 



  3. Confirm the reset operation by clicking OK on the Confirmation dialog box. 



    If an SMTP server has been configured in the CMS for the SmartServer to use, then a message appears indicating that a password was sent to the user’s email address. For example:



    Otherwise, an error message similar to the following will appear.

Restoring the Factory System Password with the Connect Button

Starting with SmartServer 2.6, you can enable/disable system password recovery using the SmartServer Connect button (see Using the LEDs and Buttons section for more information).  When enabled, you can restore the factory system password by holding down the Connect button for 20 seconds.  Doing so resets the password to the factory default as specified on the label on the bottom of your SmartServer.  The SmartServer indicates it is resetting the password by changing the Ready LED to flashing red. When the password reset is completed, the Ready LED will change to blue and the SmartServer IoT will initiate an immediate reboot. 

Password recovery is enabled by default. If you want to disable this feature, perform the following steps: 

Warning: If this option is disabled, a lost password will require the SmartServer to be replaced.
  1. Open the SmartServer Configuration page.  

    The Network Configuration page appears.



  2. Click the System tab at the top of the page.

    The System Configuration tab appears.



  3. Clear the checkbox for the Enable password reset via the SmartServer Connect button option.

Conforming to Password Requirements

The password must be at least 14 characters long and must include each of the following:

  • An uppercase letter ( A-), a lowercase letter ( a-z )
  • A number ( 0,1, 2, 3, 4, 5, 6, 7, 8, 9 )
  • A special character ( ! # $ % & ( ) * + , - . / : ; < = > ? @ [ ] ^ _ ` { | } ~ ).

The password must conform to the following restrictions:

  • Single quote ( ' ), double quote ( “ ), spaces, and tabs are not allowed.
  • Systematic characters (e.g., 1234 and other commonly guessed character patterns) are not allowed.
  • The New Password and Confirm New Password entries must match.
  • The New Password cannot match any one of the last five passwords.

To reveal the disguised password characters, click the System Configuration page → Show Password checkbox or SmartServer CMS → Show Password button ().

Restoring a Lost CMS Password Using Email

THIS FEATURE IS AVAILABLE FOR SMARTSERVER 3.6 AND PRIOR.

You can enable email password recovery for a CMS user.  To enable email password recovery, follow these steps:

  1. Configure an SMTP server as described in Configure Your SmartServer.

  2. Enter a valid email address for the user as described in Managing Customer and User Accounts (Release 3.6 and Prior).

To restore the password for a CMS user with email recovery enabled, follow these steps:

  1. Enter your login name on the SmartServer CMS login page.



  2. Click the Forgot Password button.



  3. Check your email for a message providing a new password and use it to log in.