EG4 Community Forum

It's 2025 - how / w...
 
Notifications
Clear all

Suggestion It's 2025 - how / why does EG4 Monitor Center still not support 2FA?

7 Posts
4 Users
1 Reactions
86 Views
(@redpineapple)
Active Member
Joined: 7 months ago
Posts: 6
Topic starter  

Not to come off as condescending but is there a reason why EG4 hasn't focused on data security and implemented 2 Factor Authentication for their monitor center or for any of their network connected systems?

If someone gets ahold of a username + password for the monitor.eg4electronics.com portal they could really (and I mean really) wreak some havoc on a system (or systems) quickly.

Want to force discharge everything?  Want to deprovision everything / factory reset it?  Want to force grid sell back (even if you don't have a grid tie agreement?  Yup yup and yup... that's all possible.

From an information security / data security side of things it would really be pertinent to add this as soon as possible.  

If you add this feature please also avoid SMS or phone number 2FA since it's the weakest form of 2FA and can be easily bypassed with a SIM swap.

Thank you for your time and consideration on this.

This topic was modified 4 weeks ago by redpineapple

   
BobAndRoslyn reacted
Quote
(@pawnee)
Estimable Member
Joined: 8 months ago
Posts: 107
 

I think the monitoring site is fantastic. I geek out on all the information on there. That being said I keep mine offline unless I absolutely have to look at something. Maybe online a total of a week in the last 9 months. If you want it 100% secure the only real way is to be offline. I’ll leave it at that. PM if you want more info 


   
ReplyQuote
(@redpineapple)
Active Member
Joined: 7 months ago
Posts: 6
Topic starter  

PM'ed - but the issue still exists for all customers of EG4.

 

If there is a possibility of a 3rd party getting into your account to cause damage you want 2FA on at a MINIMUM and I'm shocked to see that they don't have this basic level of security.

 


   
ReplyQuote
BobAndRoslyn
(@bobandroslyn)
Trusted Member
Joined: 8 months ago
Posts: 61
 

Agree with the concerns.


   
ReplyQuote
BobAndRoslyn
(@bobandroslyn)
Trusted Member
Joined: 8 months ago
Posts: 61
 

Note for safety you can disable remote updates, and only enable it as needed.

https://eg4electronics.com/wp-content/uploads/2024/11/Remote-Support-Disable.pdf


   
ReplyQuote
(@redpineapple)
Active Member
Joined: 7 months ago
Posts: 6
Topic starter  

Bump to make sure EG4 sees this (still no response) 


   
ReplyQuote
EG4 Eric
(@eg4eric)
Reputable Member
Joined: 7 months ago
Posts: 373
 

I completely understand where you're coming from, however at the moment, I don’t have a direct answer for you. What I can do is submit your feedback and suggestions to the appropriate team for this matter. 


   
ReplyQuote
Share: