Multifunction Printers (MFPs) provide businesses with an all-in-one document management solution that helps to maximize productivity and efficiency in the workplace. However, with today's MFPs becoming more advanced in their functionality and connectivity, business leaders must take the security of their print environment seriously.
Much like a networked business system or a physical computer, MFPs are often targeted by malicious attackers for the sensitive materials they receive and store. When a MFP receives data transmissions for scan and print functions, various information becomes stored on physical hard drives inside the machine. If left unsecured, these machines can be exploited, and those drives can be a source of data leakage.
While there are many steps businesses can take to secure the hardware on their business networks, one of the most effective ways to keep your MFP protected is simply by changing its default password. Here is a basic guide on how you can do this, as well as a few best practices when managing your passwords.
How to Change Your MFP Password
Nearly all modern MFPs are manufactured and programmed with basic security protocols that allow you to secure the access of their internal data stores. One of these protocols is to assign a default password that restricts users (internal or external) from being able to access MFP settings, network configurations, and hard drive security modes. However, these default passwords are not meant to be a permanent security solution and should be changed immediately once the new machine has been set up.
While every MFP may have different navigation settings, most administrator passwords can be changed by following the steps:
- Navigate to your MFP's onboard or web-based utility and find the settings menu.
- Follow navigation procedures of your machine to access the "administrator settings" section.
- In some cases, you may now be prompted to enter your administrator password. This will have been provided to you by your managed services partner or will be listed on your installation and setup documentation.
- Once you've gained access to the "administrator settings" section, look for "security settings" and navigate to "administrator password."
- Here you'll be able to choose a new administrator password for your device by following the prompts.
Password Management Best Practices
When managing passwords on your MFP, there are a few best practices that you should follow to maximize the security of your device:
- Use Passphrases If Possible - Every MFP is different when it comes to character restrictions and acceptable formats for administrator passwords. If possible, use long passphrases with a combination of letters, numbers, and special characters. This makes brute force entry into your networks very difficult for attackers to achieve.
- Use Different Passwords for Each Level of Access - It's essential to assign Administrator and User passwords in different formats. In some organizations, employees and office administrators will use the same organizational password formats for easy recollection for all parties. However, if any employees MFP access credentials become compromised, malicious attackers can and will use the same credentials when trying to access administrative sections of the MFP. Creating unique formats for both administrators and employees will add an extra level of protection to avoid this from happening.
- Use Multi-factor Authentication When Possible - Multi-factor authentication (MFA) is a newer technology available on most modern MFPs that requires multiple categories of evidence to be provided before granting access. This includes the use of passwords, pin numbers, mobile applications, and even fingerprint scans. This ensures that even if one set of login credentials become compromised, it will be highly unlikely a second or third validation could be provided.
Changing the default password of your MFP is a straightforward process, but is many times ignored as a necessary security precaution to take. By following this basic guide and best practices, you can take a significant stride in protecting the digital assets of your organization while supporting your ongoing cybersecurity initiatives.