2FA & Sign in Alerts
Why is there not an option to enable two factor authentication for my account? Also, why is there not an option to receive email alerts whenever my account is signed into?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thank you for your feedback regarding 2FA.
So far there is no news regarding that, but they are aware of the desired feature.
- Copy Link
- Report Inappropriate Content
@Tony in todays world, how can you not support mfa. Imagine the poor publicity you will get if you suffer a breach and 1000s of home networks are compromised due to the lack of you offering what is now considered a minimum standard of security. Just bought some deco units which are really good but will have to return them as I don't want to expose my network to your poor security standards.
- Copy Link
- Report Inappropriate Content
Not sure if it matters but you might want to vote here: https://community.tp-link.com/us/home/forum/topic/231012.
- Copy Link
- Report Inappropriate Content
@Tony Still no news? this is unacceptable how can you sell remotely accesible cameras and not have at least 2fa? this is very risky for you and your users. this is a disaster waiting to happen.
- Copy Link
- Report Inappropriate Content
@Tony It's been nearly a year and the option to use MFA is still not available. How is this not a priority!? This isn't just a desired feature; This is a required feature and has been for years. Why isn't security something TP-Link takes seriously?
- Copy Link
- Report Inappropriate Content
Aside from the missing support for 2FA/MFA, I'm suprised at the lack of security related alerts/notifications/logging. The "system logs" for all my TP-Link devices (AX73/AX5400 router, TL-WPA8631P extenders) are very sparse and do not capture any failed logins attempted through their web interfaces. Every other router/access point I've owned would display a conspicuous banner or warning at the next successful login whenever such a security violation event occurred (and provide additional details in the system logs).
Likewise, the Tether app offers no indication or warning about failed authentication attempts, neither via immediate email notification nor at the next successful Tether connection. This is a basic, industry-wide practice for cloud-based applications. It's strange that Tether can and does send notifications about new (nearly useless) weekly reports but cannot send notifications about failed authentication attempts or tether connections attempted from unrecognized devices/locations. I've observed the same lack of security logging with the tpPLC powerline utility (windows application).
And last but not least is the public disclosure/usage of ssh port 22 for TP-Link's various app connections. Rather than listen on a custom, privately guarded port, TP link built dependencies on the widely recognized default port for SSH. This port will immediately be detected by the most cursory of port scans and invite would-be intruders. And yet again, any and all attempts to probe port 22 generate no notices, logs, or alerts for the device owner (as I've observed with TL-WPA8631P extenders). Again, it's common practice to block port 22 as a general rule and only open it when needed and/or listen for ssh connections on a different port instead. But moreover, when maintaining an active, open socket on port 22, it's critical that all activity be monitored closely and intrusion detection be enforced. But oddly, this isn't the case.
I've only recently migrated my home network to TP-Link devices. The switchover has produced many benefits that I'm happy about. But overall, I'm not very impressed with the level of security. Hopefully this can be improved, and sooner rather than later.
Thanks,
Mike
- Copy Link
- Report Inappropriate Content
Information
Helpful: 4
Views: 1321
Replies: 6