Passwords: Difference between revisions

Back up to the Configuring Category
From AAISP Support Site
mNo edit summary
mNo edit summary
 
(3 intermediate revisions by the same user not shown)
Line 31: Line 31:


==Two factor authentication==
==Two factor authentication==
2FA is available, see https://www.aaisp.net.uk/kb-broadband-2fa.html
2FA is available, see below.


|}
|}
Line 69: Line 69:
|}
|}
{| role="presentation" class="wikitable mw-collapsible mw-collapsed"
{| role="presentation" class="wikitable mw-collapsible mw-collapsed"
|'''DSL Line Password'''
|'''Broadband / L2TP Line Password'''
|-
|-
|
|
The line password is related to a broadband line, or data SIM or L2TP Internet access. It is considered very low priority as such systems are rarely used as an attack. When using broadband lines or data SIMs, we normally see a verified circuit ID and as such we will allow a correct login with an incorrect passwords if the circuit matches. The password is also included in the information pack and printed on router information cards to make it easy to configure network equipment - which is especially important when you have no Internet connection.
The "line" password is related to a broadband line, or data SIM or L2TP Internet access. Also known as the PPP Password. This is the password used in the customer's router in order to log in to us for internet access. It is considered very low priority as such systems are rarely used as an attack. When using broadband lines or data SIMs, we normally see a verified circuit ID and as such we will allow a correct login with an incorrect passwords if the circuit matches. The password is also included in the information pack and printed on router information cards to make it easy to configure network equipment - which is especially important when you have no Internet connection.


The username used for a line is in the form of xx@a.n where n is the line number, typically 1 where there is just a single line. e.g.: abc@a.1
The username used for a line is in the form of xx@a.n where n is the line number, typically 1 where there is just a single line. e.g.: abc@a.1
Line 223: Line 223:


Setting up the code is simple - log in as normal and you will see an option to set up 2FA. Simple follow the instructions.
Setting up the code is simple - log in as normal and you will see an option to set up 2FA. Simple follow the instructions.

https://www.youtube.com/watch?v=Jr-d0m9wgcc&feature=youtu.be


Note the process has changed slightly since this video was made.
Note the process has changed slightly since this video was made.

Latest revision as of 13:36, 9 July 2024

This page describes the various account logins and passwords that apply to our various systems. Different systems have different levels of password security depending on the requirements.

When changing passwords always be sure to use a secure password! Most of our systems have a 'Generate Password' button which you can use if you wish. The Information Pack contains some of your account details.

Click the 'Expand' link to view the details.



Two factor authentication information

We have an optional system of two factor authentication (2FA) on our accounts and control web pages.

What does that mean?

What this means is that, if you set it up, in addition to a simple username (or account number) and password, we will request a code from you. Without the correct code you cannot log in to the web site.

The way to get the code is using a mobile phone app, there are many, but Authy, or the Google Authenticator seems a perfectly good ones.

It is nothing to do with google and does not need any google login. There are many apps, and if you want a different one you are looking for one that does OATH/TOTP to RFC6238, ideally one that will read an otpauth:// URL on a QR 2D barcode for the seed.

How does it work?

When you ask to set up 2FA there is a simple process that involves a QR 2D barcode shown on the screen which you scan with the app, and you are ready to go. Some apps allow a PIN or fingerprint to be set up to protect seeing the code (the Google one does not). Once the app is open it shows a new code every 30 seconds on the screen. You can usually set up multiple different accounts on the app. You can set up the same code on multiple devices, and some apps manage backup and sharing between devices. You don't need mobile coverage or internet access on your phone for the code to be shown. It really is that simple!

When you log in, you use your username and password and then we may prompt for the code - you simple enter the 6 digit number from the app screen.

When is a code required?

When you set up 2FA on the accounts system we also have a trust setting which you can change. This controls when we will ask for the code during a normal log in to the accounts web site. There are different settings which control when and if we will ask for the code. The standard setting will not normally ask for a code if you are using your usual browser but you can set it up to ask every time if you want.

If you have set up a code, then we will always ask on our normal order pages for services like Broadband, Telephony (VoIP), SIM cards, and so on, regardless of the trust level set. There may be some services which do not yet ask but we are aiming to update these as needed.

On the control pages, once set up, we always ask for the 2FA code on every login.

We also email you when we see a new browser used to login, just in case this is someone trying to compromise your account.

Will staff ask for the code?

Yes, staff may ask for the code if you have set up 2FA on the accounts pages - remember it is not actually your password and it changes every 30 seconds. Staff can check the accounts 2FA code, and so asking for the code can be an important security check. Staff can also see the trust setting you have applied on the accounts system, and if you have selected the highest security (paranoid mode) then additional checks be required. This could be over the phone, or irc, or the web-chat, or twitter, or whatever. You can actually use this to test staff (e.g. if we called you), giving a wrong code to confirm we see it as wrong.

Also, if you are asking staff to handle an on-line order for you over the phone, etc, they will need your code to proceed with the order. If you have a dealer that places orders for you, he too will need your code to place an order. But all of this only applies if you have set up two factor authentication on the accounts system - if not, then the normal username and password are used as now.

Staff cannot check the 2FA code you have set on the control pages, and so will not ask for this. Setting up...

Setting up the code is simple - log in as normal and you will see an option to set up 2FA. Simple follow the instructions.

https://www.youtube.com/watch?v=Jr-d0m9wgcc&feature=youtu.be

Note the process has changed slightly since this video was made.

Losing your mobile

We know things can go wrong, but if you have set up two factor authentication this indicates you are taking security seriously. You will have to convince staff you are who you claim to be, which will, in part, depend on the trust setting you have selected. Setting the lowest trust means you will not be able to get the code cleared or reset over the phone or email and may need a letter sent! However, if you have set a more conservative trust setting then staff may text you a code, or call you back on your number, etc. Bear in mind, texting your code is often no good if you actually have lost your mobile!

This does not impact the router login to your broadband line or VoIP services, etc, only the accounts and control web pages and ordering systems. Changing password

Once 2FA is set up you will need to use it when changing password, and on our control pages you also need your old password. If you need your password reset, which will also reset the 2FA, you will need to contact a member of staff.