Sign in to follow this  
Followers 0
RobinEriksen

Factorytalk password

9 posts in this topic

Hi,

We have some HMI screens where some pages are password protected to prevent everyone from accessing. The problem is that "everyone" knows these passwords now. I can ofcourse change the password but it will just take a couple of weeks and everyone will know these passwords...

 

Is there a way to make the password change daily and have the correct password appear in an Excel document? We have this on a Siemens HMI and I like it, but is it possible on a Panelview HMI? 

Robin

Share this post


Link to post
Share on other sites

We've written a routine in the PLC that adds the numerical value of the date so that the password changes every day.

1 person likes this

Share this post


Link to post
Share on other sites

At a previous employer, the password was the Julian date (day of the year) of the preceding Sunday. One of the 3rd shift maintenance guys would go around every Sunday morning and change the passwords. It wasn't reliable because sometimes he'd be too busy or he was out. I ended up automating it.

Are you looking for an algorithm that you can implement in the PLC and in Excel so someone with access to the spreadsheet can look up the password? Or do you want the PLC to calculate the password and have it show up automatically in Excel? The first option won't be difficult if you keep the date & time updated in the PLCs. The second one will require a data connection to the PLC which won't be nearly as straightforward if you don't already have something like that in place.

 

Share this post


Link to post
Share on other sites

Thank you to both of you for answering. 

Joe, yes I would like the first option. And I dont want the password to be "something + the date". That would make it too easy. I would like the password to be 4 random digits every day.

 

Do you think you could guide me in the right direction? 

Share this post


Link to post
Share on other sites

Hmmm...

The simplest thing may be to just use Excel's RAND function to generate a series of random numbers to populate a look-up table in the PLC.

Here's one idea, inspired by your desire for it to be random digits: https://www.geeksforgeeks.org/pseudo-random-number-generator-prng/

It was fairly straightforward to implement in Excel but I don't have a PLC on my desk any more to make sure it yields the exact same numbers. You'll have to do some manipulation (other than rounding/truncating) to make it always be 4 digits without leading zeros if that's important to you.

You would also not be able to use the user administration that's built into the HMI. Do you have the source code for the Siemens HMI to take a look at how they did it? If you're using the runtime security functionality built into HMI, I don't know of a way to automatically change the password every day...but that doesn't mean it can't be done.

1 person likes this

Share this post


Link to post
Share on other sites

Thank you for your reply. 

I will experiment some and see if I can figure out how to do it. 

Unfortunately I dont have access to the source code for the Siemens HMI. 

Share this post


Link to post
Share on other sites
On 2.7.2020 at 11:07 PM, pcmccartney1 said:

We've written a routine in the PLC that adds the numerical value of the date so that the password changes every day.

Have you done this with the built in security function in the HMI?

Share this post


Link to post
Share on other sites

I don't think so, it's either in the PLC with macros in the HMI or use the built in security functions of the HMI.

To clarify, the user name and passwords are based upon the Microsoft security.  The HMI does have an ability to change the password, but it is a manual intervention and only applicable to the application running on the HMI (i.e. the MER).  It won't even be the same when compared tot he project within FactoryTalk View ME.

So, if you want something that is random and automatic, you'll probably want to do it in the PLC.

Edited by pcmccartney1

Share this post


Link to post
Share on other sites
1 hour ago, pcmccartney1 said:

I don't think so, it's either in the PLC with macros in the HMI or use the built in security functions of the HMI.

To clarify, the user name and passwords are based upon the Microsoft security.  The HMI does have an ability to change the password, but it is a manual intervention and only applicable to the application running on the HMI (i.e. the MER).  It won't even be the same when compared tot he project within FactoryTalk View ME.

So, if you want something that is random and automatic, you'll probably want to do it in the PLC.

That squares with my experience. We were repeatedly tasked with changing the passwords in a series of machines that all used the built-in runtime security system, which required going out to the machines (about 20 or so total HMIs), editing the project, and downloading it. It was an all-day task that we really didn't have time for. I spent a couple of days figuring out how to let them change their own passwords (very easy) and backup/restore them so we could make runtime changes at will (a lot more complicated). When we investigated doing that to the PV+ HMIs, we found out from tech support that the current password is stored in the MER file inside the HMI, so if we wanted to keep the passwords after making our changes, we would have to upload the existing MER from the HMI and restore it into View Studio. We wouldn't be able to use our APA project backups at all.

I'd say to change from using the built-in user administration in the PV+ to using a number stored in the PLC. Make sure you're OK with anyone who can get into the PLC having access to the passwords, though. Then write either a pseudo-random calculation or look-up table.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0