I note that the password requirements of the management site aren't really up to date with modern requirements. It might be worthwhile to read a summary of the NIST password guidelines here:
Key points:
get rid of the complexity requirements in favour of longer passwords.
implement multifactor authentication
It would be nice if the HE could accept hardware keys as a second factor. Since you have linux under the hood, it should be fairly easy to add the second factor to improve hub security.
Yes, the cloud enabled system. I got HE specifically for its on-prem capabilities. The authentication implemented in the cloud management system could expose a user to increased security risks.
The second part of my comments is just a wish. Since I've seen a new feature involving security, it would not be a bad time to improve the overall security of the system.