Not to come off as condescending but is there a reason why EG4 hasn't focused on data security and implemented 2 Factor Authentication for their monitor center or for any of their network connected systems?
If someone gets ahold of a username + password for the monitor.eg4electronics.com portal they could really (and I mean really) wreak some havoc on a system (or systems) quickly.
Want to force discharge everything? Want to deprovision everything / factory reset it? Want to force grid sell back (even if you don't have a grid tie agreement? Yup yup and yup... that's all possible.
From an information security / data security side of things it would really be pertinent to add this as soon as possible.
If you add this feature please also avoid SMS or phone number 2FA since it's the weakest form of 2FA and can be easily bypassed with a SIM swap.
Thank you for your time and consideration on this.
I think the monitoring site is fantastic. I geek out on all the information on there. That being said I keep mine offline unless I absolutely have to look at something. Maybe online a total of a week in the last 9 months. If you want it 100% secure the only real way is to be offline. I’ll leave it at that. PM if you want more info
PM'ed - but the issue still exists for all customers of EG4.
If there is a possibility of a 3rd party getting into your account to cause damage you want 2FA on at a MINIMUM and I'm shocked to see that they don't have this basic level of security.
Agree with the concerns.
Note for safety you can disable remote updates, and only enable it as needed.
https://eg4electronics.com/wp-content/uploads/2024/11/Remote-Support-Disable.pdf
Bump to make sure EG4 sees this (still no response)
I completely understand where you're coming from, however at the moment, I don’t have a direct answer for you. What I can do is submit your feedback and suggestions to the appropriate team for this matter.