Having wasted 6-8 hours of my life over the past month trying to figure out what the hell was going on with my new security cameras, I think I have finally found an answer, and it all comes down to shit software.

One can setup the FLIR security cameras via a web interface.  Among the first things I did was to change the default password from admin/admin to something else.  Later, when I tried to setup the FLIR Cloud Client software (some desktop application that lets you see all your cameras, record stuff etc), it would find my cameras, but they would fail to connect, even though I was SURE I was entering the password correctly.

After failing to connect, I’d go back to the web interface and find that my account was now locked out!

So I’d have to pull the power on the cameras (which meant a trip down to the basement) to force them to reboot and release the lock on the admin account.

After a ton of trial and error over many days, I finally discovered the issue:

The FLIR Cloud Client won’t work correctly with any password over 10 characters in length.

I shit you not.  The web interface works with 11 character passwords just fine.  The Cloud Client software also has no issue with accepting a 10+ character password (it doesn’t complain about it, or stop you from typing the 11th character), but somehow it mucks it up, and not only does it fail to login, but it must try over and over and over, thus instantly locking the account.

This is so frustrating because it has cost me so much time and because it’s only a shitty software product that would allow a situation like this.

For a “security company” I also found out that FLIR is almost certainly not storing users passwords correctly.  After signing up for their DDNS service, they sent me an email 10 minutes later with a bunch of information, including my password in clear text.  Aside from how horrible that is in and of itself is, this almost guarantees that users passwords are being stored in some way that is retrievable, meaning that I should basically assume that password is known by others.  Facepalm.

I hope this saves someone else all the time and frustration that I’ve gone through.