Authentication
Use the strong authentication configuration options provided in the WP500 product.
Use Recommended Password Policy:
- Encourage the use of passwords that are at least 8 characters long.
- Prefer longer passwords (up to 64 characters or more) over complex ones.
- Enforce composition rules (such as requiring a mix of letters, numbers, and special characters).
- Prohibit commonly used, expected, or compromised passwords (like "password", "123456", etc.).
- Encourage the use of passphrases or passwords created using memorable yet uncommon phrases.
- Do not require periodic password changes unless there is evidence of compromise.
Two-Factor Authentication (2FA) with TOTP:
The WP500 incorporates Two-Factor Authentication (2FA) using Time-based One-Time Passwords (TOTP), adding an extra layer of security beyond just username and password.
TOTP generates a temporary code, usually accessible via a smartphone app or a hardware token, which changes at set intervals (typically every 30 seconds).
Users must enter both their regular password and the TOTP code to gain access, significantly reducing the risk of unauthorized access even if a password is compromised.
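The following is an added example, not WP500 code or vendor documentation: a sketch of how a server can generate and check TOTP codes per RFC 6238, including clock-skew tolerance and replay rejection. The function names, the 6-digit length, HMAC-SHA-1 and the one-step drift window are assumptions; the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code ("typically every 30 seconds" above)
DIGITS = 6   # assumed code length, common in authenticator apps


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA-1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, unix_time: int, last_used_step: int = -1, drift: int = 1):
    """Return the matched time step, or None if the code is rejected.

    drift=1 also accepts the previous and next step to tolerate clock skew.
    Steps at or before last_used_step are refused, so a code captured in
    transit cannot be replayed while it is still inside its window.
    """
    current = unix_time // STEP
    matched = None
    for step_no in range(current - drift, current + drift + 1):
        if step_no < 0 or step_no <= last_used_step:
            continue
        # Constant-time comparison; no early exit on a match.
        if hmac.compare_digest(totp(secret, step_no * STEP), code):
            matched = step_no
    return matched


# Constructed demo input: the RFC 6238 SHA-1 test secret, not a real key.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    now = 1111111109
    code = totp(SECRET, now)
    step = verify(SECRET, code, now)
    print("code:", code, "accepted at step:", step)
    print("replayed:", verify(SECRET, code, now, last_used_step=step))
    print("strict, next step:", verify(SECRET, code, now + 2, drift=0))
```

The caller stores the returned step per user and passes it back as last_used_step on the next login.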
Login Captcha:
To further enhance security, a Captcha is implemented on the login page. This feature is designed to differentiate human users from automated scripts (bots), protecting against automated login attempts and brute-force attacks.
The Captcha requirement adds an additional hurdle for potential attackers, making automated attacks more difficult and time-consuming.
Audit and Compliance:
Conduct regular security audits.
Maintain compliance with relevant industry standards and regulations.
Backup and Recovery:
Regularly back up configurations and data.
Establish a disaster recovery plan.
Secure Configuration:
Ensure that the device is securely configured upon setup.
Disable any unnecessary services or features to minimize vulnerabilities.
Training:
- TAS provides training for customers on the WP500 that covers security best practices. Please contact our account manager to arrange and schedule it.
- Keep users informed about potential security threats and how to avoid them.