Passwords & Security

I note that the password requirements of the management site aren't really up to date with modern requirements. It might be worthwhile to read a summary of the NIST password guidelines here:

Key points:

  • get rid of the complexity requirements in favour of longer passwords.
  • implement multifactor authentication

It would be nice if the HE could accept hardware keys as a second factor. Since you have linux under the hood, it should be fairly easy to add the second factor to improve hub security.

2 Likes

Are you specifically referring to the my.hubitat.com login?

1 Like

It was suggested a while ago , and it seems like it was under consideration, just not sure where it is in the priorities list.

1 Like

:roll_eyes:

Yes, the cloud enabled system. I got HE specifically for its on-prem capabilities. The authentication implemented in the cloud management system could expose a user to increased security risks.

The second part of my comments is just a wish. Since I've seen a new feature involving security, it would not be a bad time to improve the overall security of the system.

Small company, it is hard to get resources to do everything. I'm not looking for another job.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.