The user doesn't get logged out from the forum if the TP-link ID password has been changed
I can change my TP-link ID at https://www.tplinkcloud.com/admin.php, but if I change password using that link, I don't get logged out on this forum.
IMHO, this is terrible for security. If somehow, my account's credential got leaked, I will have no way to lock the hacker out of this forum.
Also, this forum doesn't do 2FA, even if the TP-link account has 2FA on Tether app. This is related to https://community.tp-link.com/en/home/forum/topic/597544
Here's an opinion of a PWM company of how password security should be implemented (from Bitwarden's Industry Leaders Security Rankings: Personal Email Services Edition). TP-link isn't there yet, but perhaps should be there for being the first/second security barrier into the users' home networks.
Coming in hot with a perfect score is the wildly popular Gmail which brings it home in every category. Password pasting? Check. 2FA? Check. Authenticator hardware? Check. When it comes to password security, the folks over in Mountain View are doing something right.
Password Security: Good
✅ Allows passwords that are ≥ 40 characters
✅ Allows users to paste passwords
✅ Offers two-factor authentication
✅ Allows authenticator apps
✅ Allows authenticator hardware
✅ Informs users of password reset
✅ Requires login using new password
PASSWORD SECURITY SCORE: 100%