The user doesn't get logged out from the forum if the TP-link ID password has been changed

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

The user doesn't get logged out from the forum if the TP-link ID password has been changed

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
The user doesn't get logged out from the forum if the TP-link ID password has been changed
The user doesn't get logged out from the forum if the TP-link ID password has been changed
2023-01-31 13:28:59 - last edited 2023-02-02 07:33:05
Tags: #Forum

I can change my TP-link ID at https://www.tplinkcloud.com/admin.php, but if I change password using that link, I don't get logged out on this forum.

 

IMHO, this is terrible for security.  If somehow, my account's credential got leaked, I will have no way to lock the hacker out of this forum.

 

Also, this forum doesn't do 2FA, even if the TP-link account has 2FA on Tether app.  This is related to https://community.tp-link.com/en/home/forum/topic/597544

 

====================================

Here's an opinion of a PWM company of how password security should be implemented (from Bitwarden's Industry Leaders Security Rankings: Personal Email Services Edition).  TP-link isn't there yet, but perhaps should be there for being the first/second security barrier into the users' home networks.

 

Coming in hot with a perfect score is the wildly popular Gmail which brings it home in every category. Password pasting? Check. 2FA? Check. Authenticator hardware? Check. When it comes to password security, the folks over in Mountain View are doing something right. 

Password Security: Good

✅ Allows passwords that are ≥ 40 characters

✅ Allows users to paste passwords 

✅ Offers two-factor authentication

Allows authenticator apps 

Allows authenticator hardware 

✅ Informs users of password reset 

Requires login using new password

PASSWORD SECURITY SCORE: 100%

  0      
  0      
#1
Options
2 Reply
Re:The user doesn't get logged out from the forum if the TP-link ID password has been changed
2023-02-03 12:38:59

Hello @tikmok 

 

Thank you very much for bringing this up to our attention.

 

We have reported this concern to the related department, and they will check and confirm how to improve the system management with the highest priority.

 

Kind reminder: when creating a password for any account, do remember to create a Strong Password with a mix of numbers, letters, capitals, which is long enough but with unique meaning, that will help protect the account security as well as remember it. You can read this story to understand more about it. Also, Do NOT reuse the same password across multiple platforms, which would increase the risk to make your account's credential get leaked if one specific platform gets hacked.

 

We will also consider if there is a possibility to support 2FA on the community and forum.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  3  
  3  
#2
Options
Re:The user doesn't get logged out from the forum if the TP-link ID password has been changed
2023-02-03 14:50:05

  @Kevin_Z 

 

Thx.

  0  
  0  
#3
Options