Admin account best practices
The admin dashboard controls everything about your booth. Prices, sales data, hardware config, customer photos. If someone unauthorized gets in, they can drain credits, change prices, or read your sales history. This article covers the practices that prevent that.
Who this is for: Every operator with admin access.
The single most important rule
Never run the booth with the default credentials admin / admin123 and user / user123, not even for one customer session. The defaults are documented (in this doc set, in support materials, in the source code) and are the first thing anyone trying to break into a BoothIQ booth would try. Change them as part of First login and password.
Password rules
A good admin password:
- At least 12 characters long. Longer is better.
- Mixes letter case (upper and lower).
- Includes digits and symbols.
- Is not a dictionary word or a common phrase.
- Is unique. Not reused from your email, your bank, or your other accounts.
- Is stored in a password manager, not on a sticky note next to the booth.
Examples of bad passwords:
- admin123 (the default. Never use this)
- password, password123, Password!
- boothiq, BoothIQ2024
- Your business name
- Your phone number, your birthday
- Anything a customer might guess by looking at the booth
Use a password manager
The best thing you can do for your booth's security is use a password manager:
- For yourself: 1Password, Bitwarden, KeePass, your browser's built-in password manager. Any of them is fine.
- For your team: a shared vault in 1Password, Bitwarden, etc., so multiple operators can use the same booth password without exchanging it over Slack or text.
Don't write the password on the kiosk itself. Customers will see it.
Set up the recovery PIN
Every admin account on a BoothIQ booth has a Recovery PIN: a 4-6 digit number that lets you reset the password if you forget it. The PINSetupRequired flag defaults to true for new accounts, meaning the booth will force you to set up a PIN on first sign-in.
Pick a good PIN:
- Not 0000, 1234, 1111, 9999
- Not your birthday or phone number
- Memorable to you, opaque to anyone else
Where to store it: Same place as your password. Your password manager. Each admin user has their own PIN; track them separately.
For the recovery flow, see Locked out of admin.
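The password rules and the PIN advice above can be turned into a pre-flight check that an operator runs before setting credentials on a booth. The script below is an added example written for this article; it is not part of BoothIQ and does not use any BoothIQ API. The banned list is built from the defaults and bad examples the article names, and the "dictionary word" and "phone number or birthday" heuristics are assumptions that approximate those rules rather than a full dictionary check.

```python
import re
import string

# Credentials the article says to treat as banned: the two shipped defaults
# plus the bad-password examples it lists. Extend this set with your own
# business name, venue name and similar.
BANNED_PASSWORDS = {
    "admin123", "user123", "password", "password123", "Password!",
    "boothiq", "BoothIQ2024",
}
BANNED_LOWER = {p.lower() for p in BANNED_PASSWORDS}

# PINs the article tells you to avoid; obvious patterns are caught separately below.
WEAK_PINS = {"0000", "1234", "1111", "9999"}


def check_admin_password(password, business_name="", other_passwords=()):
    """Return a list of rule violations for a proposed admin password.

    An empty list means every rule in the article is satisfied.
    business_name and other_passwords (for example the passwords of your
    other booths) are optional context for the 'not guessable' and 'unique' rules.
    """
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("does not mix upper and lower case")
    if not any(c.isdigit() for c in password):
        problems.append("contains no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("contains no symbol")
    lowered = password.lower()
    if lowered in BANNED_LOWER:
        problems.append("is a default or well-known bad password")
    # Assumed heuristic for 'not a dictionary word or common phrase': a password
    # that is only letters, or letters followed by digits, almost always is one.
    if re.fullmatch(r"[A-Za-z]+\d*", password):
        problems.append("looks like a word with digits tacked on")
    # Assumed heuristic: a run of six or more digits is usually a phone number or a date.
    if re.search(r"\d{6,}", password):
        problems.append("contains a long digit run (phone number or birthday?)")
    if business_name and business_name.lower().replace(" ", "") in lowered.replace(" ", ""):
        problems.append("contains the business name")
    if password in other_passwords:
        problems.append("is reused from another account or booth")
    return problems


def check_recovery_pin(pin):
    """Return a list of rule violations for a proposed 4-6 digit recovery PIN."""
    problems = []
    if not pin.isdigit() or not 4 <= len(pin) <= 6:
        return ["must be 4 to 6 digits"]
    if pin in WEAK_PINS:
        problems.append("is one of the PINs the article says to avoid")
    if len(set(pin)) == 1:
        problems.append("is a single repeated digit")
    # Consecutive digits counting up or down (1234, 8765) are as guessable as the listed ones.
    digits = [int(d) for d in pin]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if steps == {1} or steps == {-1}:
        problems.append("is a sequential run of digits")
    return problems


if __name__ == "__main__":
    # Constructed candidates: the two defaults-style values fail, the third passes.
    for candidate in ["admin123", "BoothIQ2024", "Tr7#kq!Vm2pLx9"]:
        print(candidate, "->", check_admin_password(candidate, business_name="BoothIQ") or "OK")
    for candidate in ["1234", "0000", "2741"]:
        print(candidate, "->", check_recovery_pin(candidate) or "OK")
```

Run it once per booth when you pick a new password and PIN; pass the passwords of your other booths as other_passwords so the uniqueness rule across the fleet is checked too.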
Master vs User accounts
BoothIQ has two access levels:
- Master. Everything: settings, products, templates, hardware, sync, user management
- User. Limited: sales reports and basic credit operations
Use them appropriately:
- Reserve Master access for yourself and trusted technical staff. Master accounts can change prices, delete templates, regenerate API keys. They can really mess up the booth.
- Give User access to floor staff and venue managers who need to see sales but shouldn't be touching products or templates.
- Don't share one Master account between multiple people. If you have multiple staff who need admin access, create separate accounts for each.
Don't share admin accounts
Each admin user should have their own account. Reasons:
- Audit trail. When someone makes a change, the booth knows who did it.
- Different PINs. Each user has their own recovery PIN. If one user forgets theirs, the others aren't affected.
- Account-level lockout. If one user is brute-forcing the password (or fat-fingering it), the booth locks that user, not all of admin.
- Easier offboarding. When a staff member leaves, you delete their account. You don't have to change every other admin's password.
To create new admin accounts, sign in as a Master user and use the Settings tab → User management area.
Never leave admin unattended
When you're done in admin, always tap Exit Admin at the bottom of the sidebar. Never:
- Walk away from the kiosk with the admin dashboard up
- Leave the kiosk on the admin login screen mid-session
- Let a customer "help themselves" if they ask to "look at the settings"
If you need to step away briefly, exit admin first. Re-signing in only takes a few seconds.
Watch for shoulder surfing
When you're typing the admin password on the kiosk, watch for people behind you who might see what you're typing. The on-screen virtual keyboard is large and visible from a distance.
- Stand between the screen and any onlookers
- Use the password show/hide eye toggle judiciously (hide when typing, show only briefly to verify)
- Don't sign in to admin while a curious customer is hovering
Change passwords periodically
Best practice for any system:
- Change all admin passwords every 90 days (or whenever a staff member with access leaves)
- Change immediately if you suspect a breach (someone saw the password, the kiosk was unattended in admin mode, etc.)
- Re-set the recovery PIN when you change the password
If you have multiple booths, use a unique password for each booth and store them all in a shared-vault password manager (e.g. a team vault in 1Password or Bitwarden). This way, a leaked password on one booth doesn't compromise your entire fleet.
Watch for failed login attempts
BoothIQ's rate limiter locks out an account after several failed attempts. If you sign in and notice you're being told the account was recently locked (or you see suspicious failed-login activity), someone may have been trying to brute-force the password.
If this happens:
- Change the password immediately.
- Set a fresh recovery PIN.
- Investigate. Was the kiosk in an unsecured area? Was it left in admin mode? Is there a customer or staff member who's been trying to get in?
- (If serious) Contact support and have them check the audit logs.
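The account-level lockout described under "Don't share admin accounts" and the failed-login review above both come down to counting failures per account within a time window. The script below is an added example, not BoothIQ code, and the audit-log lines it parses are a constructed format assumed for illustration (the booth's real audit log is only available through support, as the article says). It shows why keying the count by account matters: the burst against floor1 is flagged, while the owner's single typo is not.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in an assumed format: one event per line,
# "<UTC timestamp> <LOGIN_OK|LOGIN_FAIL> account=<name>".
SAMPLE_AUDIT_LOG = """\
2024-05-03T18:02:11Z LOGIN_FAIL account=floor1
2024-05-03T18:02:19Z LOGIN_FAIL account=floor1
2024-05-03T18:02:25Z LOGIN_FAIL account=floor1
2024-05-03T18:02:33Z LOGIN_FAIL account=floor1
2024-05-03T18:02:40Z LOGIN_FAIL account=floor1
2024-05-03T18:03:02Z LOGIN_FAIL account=floor1
2024-05-03T18:15:44Z LOGIN_OK account=owner
2024-05-03T18:40:10Z LOGIN_FAIL account=owner
2024-05-03T19:30:05Z LOGIN_OK account=owner
"""


def parse_audit_log(text):
    """Parse the assumed log format into (timestamp, kind, account) tuples."""
    events = []
    for line in text.splitlines():
        ts, kind, account_field = line.split()
        events.append((
            datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            kind,
            account_field.split("=", 1)[1],
        ))
    return events


def review_failed_logins(events, threshold=5, window=timedelta(minutes=10)):
    """Sliding-window failure count, kept separately for each account.

    Returns {account: (failures_in_window, time_threshold_was_reached)} for
    every account that reached `threshold` failures inside `window`.
    A successful sign-in clears that account's streak and nobody else's.
    """
    recent = defaultdict(deque)
    flagged = {}
    for ts, kind, account in events:
        if kind == "LOGIN_OK":
            recent[account].clear()
            continue
        streak = recent[account]
        streak.append(ts)
        while streak and ts - streak[0] > window:
            streak.popleft()
        if len(streak) >= threshold and account not in flagged:
            flagged[account] = (len(streak), ts)
    return flagged


if __name__ == "__main__":
    for account, (count, when) in review_failed_logins(parse_audit_log(SAMPLE_AUDIT_LOG)).items():
        print(f"{account}: {count} failed attempts by {when:%H:%M:%S} UTC, change password and PIN")
```

If an account shows up in the output, follow the steps above: new password, fresh recovery PIN, then work out where the attempts came from.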
Don't write passwords near the kiosk
This might seem obvious, but it's the single most common security failure on physical kiosks:
- Don't tape the password to the kiosk
- Don't write it on a sticky note next to the cash box
- Don't put it in a "manual" left at the venue
- Don't share it via SMS / Slack / email and leave the message visible
Use a password manager. Always.
Verify your security setup
You're following best practices when:
- The default admin and user passwords have been changed
- Each admin user has a unique recovery PIN set up
- Master access is limited to people who need it
- No passwords are written down anywhere physically near the booth
- You exit admin mode before walking away
- Your password is in a password manager
Common security mistakes
- Leaving default passwords. Anyone with internet access knows your password.
- Sharing one admin account between staff. No audit trail; offboarding is painful.
- Writing the password on the kiosk. Customers see it.
- Leaving admin mode up unattended. Random people get full access.
- Using a weak PIN like 1234. Anyone can reset your password.
- Reusing the booth password elsewhere. A breach in another system compromises the booth.
Next steps
- The master password system. Emergency access when normal login fails.
- Data and privacy. What's stored about customers.
- First login and password. Setting up your account correctly the first time.