Admin users should be forced to use MFA

There are probably still many admins who have not yet enabled MFA on their ZyXEL account. Anyone who knows such username+password can log in to Nebula and start managing the network.

We want better security in Nebula!

ZyXEL, please make MFA mandatory for any user who is a Nebula admin. This implies that admin permissions should be automatically revoked from any user who disables MFA.

Currently, we have to trust that new admin users enable MFA and keep it enabled, but we have no guarantee that they actually do so.

ZyXEL, if you cannot fulfill this requirement in the short term, at least consider creating a report/overview with admins who have/haven't enabled MFA.

Thanks!



1 votes

Active · Last Updated