Don't expose username-login on forum

Submitted by -
Status: New Idea

Currently if users have cloudkey and use the forum, the world knows their username - UBNT uses the same username for login to forum and cloudkey and shows the username on the forum. 

 

Give us the option to create a different forum display name or user email to login to forum and cloudkey and don't allow display name for login to forum. 

 

WIth login name visible, there is incentive for hackers to try password guessing attacks. Also user accounts can be easily locked out as the login names are known. Site the use email address never tell a bad guy if  the email address is valid, but on UBNT site, a list of known good usernames can be seen. '

 

It also becomes easy to see who has access to one or more cloudkey controllers. If people pick dumb passwords and/or don't enable multi-factor, some real damage can be done. 

Comments
by
on ‎12-26-2018 08:52 AM
You are not obligated to use your forum account for SSO. Feel free to setup a second account for SSO.
by
on ‎12-26-2018 09:26 AM

Yes, one workaround is to have multiple acounts with UBNT.com

 

 but anyone that does this (uses one account) - and most do, (even Unifi advertises this as a "feature" ) exposes themselves to DOS attack or compromised forum login leads to Controller login. 

 

And if you happen to be logged into the controller account and decide to respond in the forum - you have now exposed your controller account.