Security is handled in several different ways.
- between the client and the server we use SSL for encrypting data transferred
- as an add-on we provide Encrypted Private Clouds for also encrypting files stored in a certain private cloud
- passwords are set up using a password policy that can be set on the minimum number of characters, how many of the old passwords set that are remembered (and can’t be re-used), days of expiration, max number of login attempts before an account is blocked, forbidding commonly used passwords, enforcing upper and lower case characters, enforce numeric characters, enforce special characters, checking against a huge list of passwords used at many sites that has been breached (this is a list of millions of passwords). What password policy to be used for a certain private cloud is part of the startup configuration done together with the customer.
2FA might become part of the BEE MyCloud Private Clouds ahead in time.
Just remember that no matter what security measures taken, the biggest threat is usually when login credentials are handled improperly. This is also partially why we prefer to set up the password policy together with the customer. There is no use in setting up a password policy that is so complicated that it will end up as a post-it note close the to the desktop computer or in a mobile.
One security hint that is quite useful in many cases is to use sentences, that way the passwords are both longer (i.e. harder to crack) and easier to remember for the account holder. This in combo with some blending in of special characters and numbers will make it even harder to breach the security.