Spending $350 on a doorbell has demonstrated your a sucker, all they are doing is having another dip in the suckers pockets, pretty standard practice really.
No point in looking for suckers unless your going to milk 'em dry.
Video doorbell company Doorbird charges its customers $80 for a remote admin password reset, an outraged customer has said. Robin Hunt told The Register: “I bought a DoorBird IoT intercom. Then my mobile phone broke, which had the admin password on it, so I mailed them and asked what to do.” The company responded by sending …
It's OK , Sir. You're what us tech types refer as a "Computer User, Not Technical".
The error you have is called an I.D.10.T error and the reason is that the chair to keyboard interface has malfunctioned.
Knowing that, Sir, does that make $80 any less of a bitter pill to swallow?
Oh yea, they do call it IoT (Idiocy of Trash). Could be worse I suppose, in that it isn't as stupid as providing building entry via IoT. Oh wait, it is that stupid. Why not just nail a door key to the front of the door, or just remove the lock?
Yeah. It's hard to click a few buttons on a form...
I'm surprised the default password isn't printed on it so a factory reset (which ought to be a local operation, like power up with a button held or something) will restore it. Needing to contact the mothership for that means... well, I'd toss the thing in the bin.
"Yes, that's a superb idea for something that is stuck on the outside of the house."
I've not seen the device and may be making an unwarranted assumption, but sure a $350 device will be on the inside of the house with the just the bell push/camera on the outside?
"I've not seen the device and may be making an unwarranted assumption, but sure a $350 device will be on the inside of the house with the just the bell push/camera on the outside?"
That's what I thought. But a little investigation shows that it is entirely external. All it does is replace the bell-push with a combined internet-connected bell-push/camera/entry-phone box.
I like the instructions: remove the bell-push. You will see at least two wires. Connect it to these two wires. [My emphasis]
"That's what I thought. But a little investigation shows that it is entirely external. All it does is replace the bell-push with a combined internet-connected bell-push/camera/entry-phone box."
Ta for that. It's just gets worse...
Yes, that's a superb idea for something that is stuck on the outside of the house.
Did you not see the IoT bit? That means that a publicly readily accessible master rest to default admin password ('admin' more than likely) is SOP.
When they don't want to have to do it. In truth the measures they are taking are fairly robust, the only complaint here seems to be the charge - but this is partly down the the user, who's apparently keen on IoT not wanting to share their e-mail address with them.
Ironic as they're happy to have an IoT device control who can swan into their house.
Pffft n00bs.... or millennials (everything's in the cloud init?)
Filled with all the documentation and warranty info for every device I've ever purchased in the past 20 years. Even some devices I no longer own...
As the little woman has bought a mulit-functional, I have been toying with the idea of also scanning this info as well.
It might seem extortionate at $80 but considering the time in doing the checks, cost of delivery via courier, etc. it isn't as unreasonable as it sounds. Let's be honest, you are more likely to take care of the password or complete the registration details if you know you are going to be charged that much for a reset.
Don't forget if you have registered an email address the reset is done free of charge.
3 points do spring to mind though:
1) If you pay for the reset they could offer a discount for sending it to an email address, as there are no courier costs
2) You should be able to change the password to one you would remember, then you aren't as likely to forget it if you lose the device you have it stored on, albeit not a guaranteed solution
3) Use a password manager which works across multiple devices, or store a copy of the file on multiple devices. Discounting the risk of the password manager being hacked would you store your passwords on a single small portable device which is open to breaking down, being dropped and damaged, lost, stolen..... as the single source for these passwords?
"it isn't as unreasonable as it sounds"
My first reaction to the headline was that this adds a new meaning to lock-in. But overall I think you're right: they're doing as much as they can to ensure the user's security and that must incur costs. It will also encourage the user to take better care in the future.
OTOH would I wish to qualify for their customer service? No. A hardware lock and the doorbell that's been there for most of the last 50 years does the job fine. The only extra expenditure was a new bell-push.
Sad, really, this story.
The company are clearly doing the right thing, punter did not get the basics right, although it is not quite clear IF he changed the admin password:
1. Change admin password.
2. I back my phone up, regularly.
3. I add the factory password to my password manager, I write the procedure to reset the device into a file on my NAS, that is regularly backed up to another drive that is usually offline (when not used as backup), then destroy the piece of paper with password before discarding it.
Then again, why buy a doorbell with internet access, that is asking to be burgled!
> My bank doesn't charge me $80 for a password reset!
Except your bank also wouldn't let you setup your account in the first place without providing ALL of your details, and if you'd provided those details this wouldn't be an issue! They're not charging $80 for a password reset (there's nothing stopping you resetting your own password... you just need to not lose it), they're covering their costs while they make absolutely bloody certain you are who you say you are and ensuring they don't accidentally become the next security blunder headline.
If it was me I would be pissed off but I'm with Doorbird on this.
You can't just expect a company to give you the password without security checks. This is America and I'm pretty sure if someone had control of your email address and emailed doorbird then they gave them the password that doorbird would be sued and you would be a lot more than 80 dollars worth of pissed off.
You can't just expect a company to give you the password
No, but if you have physical access, dismantling the device apparently gives you access to the contacts for the door release. So you could have a button inside to reset it to a default password without significantly changing the security offered, I would think.
Look at the perspective of a thief: having to pay is going to stop thieves from firing bulk demands for reset at this outfit.
It's IMHO not *that* outrageous, although it probably would be better that they print big fat warning notices on the password paper.
I'm sorry, Dave. I'm afraid I can't do that. Unless you pay $80.
But I don't carry $80 in a space suit.
Dave, this conversation can serve no purpose anymore. Goodbye.
Sounds fair enough to me, just because you physically can't see something, doesn't mean requires no effort to fix. You have to pay for lost keys, that sort of thing. Why should you get all work done for free just because you can't actually see the work being done?
The point is that people need to be re-educated, and in this IoT economy, we are going to see more and more of this sort of thing happening. That's apart from the fact that spending more than £15 on a doorbell should be illegal.
A password reset is free if you registered your device which gives them a verifiable link between the device and your contact details.
A password reset if you've managed to lose the password *and* didn't register is charged because they make a lot of effort to verify who you are without the benefit of the cheap verification that registration would give.
Or would he really prefer they just hand over access to random people with no checks of anything?
PS the headline is as misleading as the guy is stupid - password resets are free. Security verification for resets of unregistered devices is not.
£12 gets you a doorbell that you can only respond to while you're at home. I understand the main novelty of this device is that you can respond to a caller when you're not at home - either it makes it look like you are at home and just too lazy to come to the door (maybe it might dissuade a burglar, maybe), or you can let a trusted visitor in without having to be there yourself. Personally I'm not interested in either of those usage cases so I'd be there with you and the £12 bell, but there are probably a few people for whom those novel uses would be appealing.