How to Change the Pfsense default password?

When you first install pfsense, normally, you need to configure a suitable Wan and Lan IP address, Once done, You will be able to access its web interface on the Lan IP address, Once you input the Lan Ip address on the browser you will be given a login page asking for Username and Password, Pfsense default username is “admin” and the password is “pfsense“.

Once you enter the default login details, the setup wizard page will open and then you will have to enter some general information for your firewall lastly, it asks you to change your default admin password.

For production use, it is a must to change the pfsense default password to something strong. Once you enter the password then pfsense restarts itself and allows you to log in with the new password.

You can also change the pfsense default password by selecting from the top left menu System–>User Manager–> Users, on the Users page, select the pencil button against the admin Username.

After selecting the pencil button user properties page will open, just change the pfsense default password to something strong then confirm it by re-entering the new password and then press the Save button underneath. Once changed you can then log back in by entering the new password.

Changing the default password also changes the SSH Login details, by the way, the default ssh login details are:

username: root

password: pfsense

So you need to use the new password for the ssh access to pfsense.

Pfsense default password not working

There is hardly a case reported or a bug in which you face the situation where freshly installed pfsense default username and password do not work. There may have been a case where your pfsense default password is compromised or you have changed the default password to something else and later forgotten or there was a typo while typing the new password.

In all such cases, you can always revert back to the default password and try changing to a new password.

To revert the password to default, you need to have access to the console (CLI), once you have access choose option #8, this will open the shell access, and here you will write the following command: /etc/rc.initial.password.

After you press enter you will be asked to confirm so you confirm with a “y”. Once done then pfsense will be restored to the default password “pfsense” and don’t worry it does not mess with your settings or new users in the system.

Change the Pfsense default Login Username and Password

For your production pfsense community edition or Pfsense Plus, It is advisable that you change the default login username “admin” and password “pfsense” to something stronger, the reason being attacked as a web exploit resulting in losing control of the firewall.

As the rogue user already knows the username “admin”, so the firewall can be compromised. A simple defense strategy would be to disable the default user admin and create a new user with administrative privileges.

The admin user cannot be deleted as it’s used by different system services internally but it can be disabled for WEB GUI access.

To create the new user select System–>UserManager–>Users and Press the Add button, this will open a window asking for new user information, just enter the desired information in the following text fields shown in the screenshot.

Once you entered the text then select admins at the Group membership field and then select “Move to Member of list” this will provide admin rights to the new user and make it a member of the Admin group.

Once done, log out from the GUI and log in with the new username and password, and lastly, disable the default admin user by selecting from System —>User Manager—>Users and then select the pencil button against the admin account and then select the check box for “This user cannot log in” and then hit the save button.

Thus the new user gains admin rights.

But what of ssh access? the default credentials may have changed and the admin user is locked as well but this only holds for the web Gui access.

you can still use username admin or root for the ssh access, i.e ssh admin@ pfsense lan address, so it’s always a good idea to change the default admin password for the GUI which thus changes for the ssh or CLI access.

In a case where you need to access your pfsense from the wan over the internet then it is advised to enable secure GUI access from wan.