Security and robustness is the prime directive of Mender in doing over-the-air software updates, and we work hard to make sure that directive never goes out of our sight.
Data breaches are the new norm and there are billions of breached logins on the web and in fact in 2017 Yahoo reported a breach of three billion user records. With these credentials in the wrong hands, the bad guys can hijack critical information and use it for any purpose they desire. When it comes to deploying updates to large fleets of connected devices in the field, an account on the OTA update server could give attackers complete control of software running on all the devices. In the words of one of our customers “between our devices and the world stands only one password”.
Two factor authentication (2FA) is an increasingly important tool in the fight to stay secure even if large databases of passwords get compromised and users use the same password in many places. Together with a security software app on your desktop or mobile device, 2FA forms an extra layer of protection. 2FA is now implemented as a commercial feature for customers who opt for either Mender Professional or Mender Enterprise, and it is very easy to set up: a) download a third party app such as Authy or Google Authenticator, b) scan the QR code that you are given with your account when you login to your Mender web application, using the authenticator app, and c) each time you log in, you will be asked for a verification code which you can retrieve from the authentication app on your device.
We highly recommend all our customers to start using 2FA.