A second check before anything on your NVR changes
Logging in once and then having full power over a system forever is how most software works — and it's a problem the moment someone else is at the keyboard. Here's how Calyston re-asks before destructive actions, and how you recover if you ever forget the password.
Most software has one gate: the login screen. You type your password once, and from that moment until you log out, anything is possible — delete a camera, wipe a week of recordings, reformat a disk. The system can no longer tell you apart from whoever is sitting at your screen ten minutes later while you grabbed a coffee.
For a video recorder, that's the wrong default. The whole point of the thing is to be trustworthy. So Calyston adds a second, smaller gate — right before the actions that actually matter.
Watching is free. Changing asks again.
Calyston splits what you do into two kinds of action, and treats them differently:
- Looking — live view, scrubbing back through recordings, opening a settings page to read it — never prompts. Re-asking for a password just to watch your own footage would be friction with no payoff, and friction is the one thing a self-hosted system can't afford to add.
- Changing the system — deleting a camera, deleting a recording, switching the storage disk, editing settings that change how the NVR records — asks for your admin password again.
It's the same idea as sudo on Linux, or the confirmation your phone wants
before it wipes itself: ordinary use is smooth, but the irreversible stuff has a
deliberate speed bump in front of it.
One prompt, then a quiet window
Nobody wants to retype a password on every click. So when you confirm, Calyston opens a short elevated window — about ten minutes. Configure several things in a row, and you're asked once, not once per change. When the window lapses, the next destructive action asks again. It's the balance between security and not being annoying.
The honest version
We'd rather explain the limits than oversell. Today Calyston has a single admin, so this second check re-asks the same password you used to log in. That's a modest barrier against someone who already knows your password — but a very real one against the situation that actually happens: a session left open on an unattended machine, and a deliberate pause before anything catastrophic. Proper separate accounts — a viewer who simply can't delete anything, no matter what — are roles we're building next.
What happens if you forget the password?
Here's where being self-hosted changes the answer entirely.
Cloud products offer "reset via email" because they hold your account — and the flip side is that whoever controls your inbox can take over your cameras. Calyston has no cloud account to reset, by design. So recovery works the way it should for a box that lives in your building: you run a command on the machine itself.
calyston-admin reset-password <username>
It prompts for a new password and sets it, right there on the device. That's it.
This isn't a workaround — it's the correct trust model. Physical access to your hardware is the root of everything. Someone standing at your NVR can already pull the disk; letting them reset the password too costs nothing. But nobody remote — not an attacker with your email, not us, not any vendor — can reset it, because there's no remote door to walk through. We literally cannot get into your system. That's the point.
The short version
- Looking at your cameras and footage is always frictionless.
- Changing the system re-asks your password, then stays unlocked for about ten minutes.
- Forgot it? Reset it with one command on the box — no cloud, no email, no vendor in the loop.
Your hardware, your footage, your keys. Even from us.
Written by the Calyston founder · self-hosted video management. Get Community free →