Stop Using Social Login for Remote Access


  • I am very pleased with our Amplifi Mesh Wi-Fi System installation but have one security-related request: It's imperative that you provide a NON-social-media login for remotely logging in, primarily for both privacy and security purposes, and add to it multi-factor authentication.

    While implementing social login is easy — and often assumed by developers to be the path of least resistance since these big companies can protect user credentials which is hard to do as a smaller company — that "big company" assumption has been proven false and highly risky:

    IMHO, use of social login also assumes that the user has great password practices and/or uses multi-factor authentication ... so if the user doesn't implement best-practices when it comes to protecting their Google or Facebook logins, then Ubiquiti may feel the company is off-the-hook in the event of a breach?

    I would argue that obtaining an email and password is trivial, and unless the user has implemented multi-factor authentication, then their socially-logged-in-and-remotely-accessible home WiFi can easily be breached (which is why I don't enable remote access and don't use it anyway).

    QUESTIONS

    • What is your position on security and privacy where it comes to enabling Google and Facebook to potentially monitor outbound traffic from an IP address?

    • As such, do you have a security/privacy white paper that outlines how you use the Google and Facebook social APIs, and specifically what you allow Google and Facebook to monitor? (like router IP address).

    While I appreciate that our Amplifi Mesh Wi-Fi System is focused on simplicity first and granular level detail on security and privacy second, I'd like to see a public/private key, encrypted, Ubiquiti-delivered remote access login (where I hold both keys) along with multi-factor authentication ... at a minimum.

    Thoughts?


  • Fully agree! In particular, Facebook can no longer be trusted in these matters.


  • @steve-borsch
    I do agree with Steve.
    I would suggest having a registration process with Amplifi and using that as a login for remote access.
    This way it's more secure and privacy is maintained ☺


  • @steve-borsch

    I totally agree.

    I am, frankly, amazed that Amplifi insists on its users having some sort of social media account.

    I have never subscribed to Facebook, and never will, and was very reluctant to use Google to sign in.

    Please fix this as soon as possible. The easy fix would be to offer the existing Facebook and Google options to those who find them acceptable, and offer a Ubiquiti-delivered login with multi-factor authentication to everyone else.

    NJSS


  • No response

    @steve-borsch said in Stop Using Social Login for Remote Access:

    QUESTIONS

    What is your position on security and privacy where it comes to enabling Google and Facebook to potentially monitor outbound traffic from an IP address?

    As such, do you have a security/privacy white paper that outlines how you use the Google and Facebook social APIs, and specifically what you allow Google and Facebook to monitor? (like router IP address).

    Could we have an answer please? It has been 18 days, with no response. This is a very topical issue.

