Password Override Jumper on RTAC 3505

By jmkengineeringadmin

Have you ever arrived at a site and there is no password for the device? You have to log on the PLC or RTU but the owner doesn't know the password and it isn't written down anywhere?

Or maybe you have a bench unit that you forgot the password for. That's what happened to me this week. I finally got around to upgrading the firmware on my RTAC 3505 but I forgot the password.

Luckily SEL knows that this happens and they have a work around, assuming you have physical access to the device. There is a jumper for that.

First download the instruction manual

In case your device is different from the one that I'm working with, make sure that you download the instruction manual.


Why this is a secure method

The reason the jumper method works is that you have to have physical access to the device. This is not something that you can "remote" into it and lock out everyone, you have to be able to power it down, remove it from where its mounted, open the device, add the jumper and then power it back on before changing the passwords.

If this is a critical facility, you will have your first indication that something is wrong when the device is offline, and you can go and check what's happening. If you believe the device has been tampered with, you can take your backup settings and re-upload to the last known settings and be back running with a secure system.

Open the RTAC

Opening the RTAC 3505 is four screws, then you tilt/slide towards the end of the RTAC with the serial ports.


Add the Jumper

Once open you find the JMP terminal strip. If you are old like me you remember the jumpers on IDE harddrives, its the same style here.

SEL even includes a couple of Jumpers, one for the factory reset and the other for password override.

Install the password override jumper, in this case its JMP3, and then power up and log in.


Connect to RTAC with default username

I used the USB connection and when you get to the log-in screen the default username is "Edison" without a password. Now you can update the users with new passwords, remembering to add them to your password manager (I use 1password) so you don't have to go through this again.

Connected over USB

And change the password.


Put everything back together

Then its a matter of removing the password again and placing the device back in service, or in my case upgrading the firmware.


15min for the entire process

This entire process takes no more than 15min and that is pretty awesome for a secure way to reset access information in the event of a failure in IT procedures.


If you like posts like this be sure to share on Linkedin or Twitter.