I just set up my Firewalla and I'm afraid I already found something that is a bit concerning.
Firewalla apparently has SSH enabled by default and it can't be turned off. On top of that, there is no ability to set a user-defined password. We are stuck with using a system-created 8-character password. Even if you try to do a password reset, the only option is to let the system generate a new password -- you can't set your own password.
In my opinion this is very poor security practice. With SSH enabled and only being protected by a weak 8-character non-user-changeable password, Firewalla has a sizable security vulnerability. The password should be much longer and frankly the user should have the ability to turn off this backdoor. I understand the need for the Firewalla team to be able to troubleshoot problems with its users, but this is not best security practice.
Please give us the option to turn off SSH and only enable it when we need to reach out to you for support/when we want to use it ourselves. Also an option to set a stronger 15-30 character password would be appreciated.
I don't know how everyone else is doing it, but for me personally all of my online accounts are set to unique 15-30 character passwords (and two-factor where possible). 8 characters just doesn't cut it anymore nowadays.
For those that don't know what I'm talking about: From the Firewall app go to your Firewalla > Settings > Help and Support > SSH Console