
Concerns about passwords and wan access


gardar


I'm a little concerned about the default of having users added with no password at all.

 

Currently if I do add a user to my Emby server I have to begin by adding the user and then open up that user to set a password for it. If I forget to do that I will have a new account on my login screen and anyone that accesses my public IP on the correct port can see that and use the account.

 

This is a pretty big security risk in my opinion.

 

Has there been any discussion in place? Are there any plans to change this?

 

I see a few options.

  • Have the option to set the user password when you create the account, and preferably have the option to require the user to change the password on first login.
  • Disable passwordless users.
  • Disable passwordless users on WAN interface.

 

Another thing I have noticed that the users get confused about is the Emby Connect account. Having two separate logins with two separate passwords is not ideal and I have had some issues with users that connect on their mobile device both locally and over the WAN.

Are there any plans to do any changes in this regard? Preferably I would like the users just to use their emby connect account.


Balancing ease of use with security is always a challenge.

 

There have been discussions and there are suggestions out here for improving the process with new users but it isn't an easy fix.  We don't want to force a password but perhaps we can have it suggest that you have one or give you a warning when you create a new user without one.  Or, maybe we always force a password for remote access... I'm sure someone will find a situation where that won't work for them.

 

The bottom line on that is that you need to be somewhat diligent about your own security in that regard right now.

 

As for the multiple ways to login issue, yes, we understand that can be confusing sometimes.  However, we do not wish to force people to have an online account in order to use their own server and system. 


Hi, yes that's the tradeoff that we face of allowing people to opt out of cloud services in order to run a more private server. More ways of doing things can certainly seem confusing to some. But if you want your users to only sign in with Emby Connect then you can certainly do that just by inviting guest users. They will not be able to sign in without using Connect.


anderbytes

Hmm... my suggestion will always be something like: make it complex for one if necessary, to make it flexible and easy on the several that will come.

 

In this case:

- Allow password definition at the moment of user creation.

- Allow the admin to choose whether that user can be used to log in from [  ] Internal Network or [  ] External Networks (the user won't even appear in the user list, if not)

 

And... if he didn't put a password, really the best practice is to give him a big red warning telling the security issues involved, and asking for confirmation.

 

This way... I believe there will never be a new user being a security risk right after its creation.


Not sure why this was moved to the Windows sub-forum, since it does not apply only to Windows and in my case does not apply to Windows at all since I use Linux.

But anyways.

I fully understand that ease and security rarely go hand in hand. And I do know that I'm responsible for my own security measures.

However I think it should be more clear that when you put your Emby server on the WAN, anyone can access your password-less accounts.

Myself I do know about this security risk but it's probably not something that everyone that's new to Emby realises.

There are multiple ways that this can be resolved, I mentioned a few in my previous post but there are other ways as well.

For example to disable remote access for password-less users by default, but you can enable remote access explicitly if you really want to.

I also think it's absolutely necessary to move the password options to the main page so passwords can be defined upon user creation.

The multiple ways to log in can indeed be confusing and I fully understand and appreciate the option of having Emby Connect access as well as local access.

But if you connect a local user to Emby Connect, maybe it would be good to let Emby Connect take over the account fully?

The guest accounts are interesting, I really have not paid any attention to them before as I thought they were for having a temporary account rather than a permanent one.

I did a quick check and it looks like the only difference between a guest account and a user account that's connected to Emby Connect is that the user account has two logins. Is this correct? And if so, what's the point in offering Emby Connect on user accounts other than to confuse?
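The policy proposed in the opening post's option list and again in this post (deny remote logins to password-less users by default, with an explicit per-user override) can be expressed as a small authorization check. The following is an added illustration, not Emby's code or any part of the project: the `User` record, the `remote_without_password` override flag, the private-address list used to define "internal network", and the sample accounts are all assumptions constructed for the demo. It also includes the admin-side audit this thread asks for, listing which accounts would be reachable from the WAN with no password.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass
from typing import Iterable, Optional

# Address ranges treated as the "internal network" (assumption for the demo).
# This only works if the server sees the real client address, i.e. no reverse
# proxy or NAT rewriting the source IP to something local.
LOCAL_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
              "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")
]
PBKDF2_ROUNDS = 100_000


@dataclass
class User:
    """Hypothetical account record; pw_hash is None when no password was ever set."""
    name: str
    salt: Optional[bytes] = None
    pw_hash: Optional[bytes] = None
    remote_without_password: bool = False  # hypothetical per-user admin override, off by default


def set_password(user: User, password: str) -> None:
    """Store a salted PBKDF2-SHA256 hash; the plaintext is never kept."""
    user.salt = os.urandom(16)
    user.pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), user.salt, PBKDF2_ROUNDS)


def has_password(user: User) -> bool:
    return user.pw_hash is not None


def is_local_client(client_ip: str) -> bool:
    """True when the source address falls inside one of LOCAL_NETWORKS."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in LOCAL_NETWORKS)


def authenticate(user: User, supplied: str, client_ip: str) -> tuple[bool, str]:
    """Return (allowed, reason). The WAN rule is evaluated before any password check."""
    local = is_local_client(client_ip)
    if not has_password(user):
        if local:
            return True, "passwordless user allowed from internal network"
        if user.remote_without_password:
            return True, "passwordless user allowed remotely by explicit admin override"
        return False, "passwordless users are denied remote access by default"
    candidate = hashlib.pbkdf2_hmac("sha256", supplied.encode(), user.salt, PBKDF2_ROUNDS)
    if hmac.compare_digest(candidate, user.pw_hash):  # constant-time comparison
        return True, "password verified"
    return False, "bad password"


def exposed_accounts(users: Iterable[User]) -> list[str]:
    """Admin audit: accounts reachable from the WAN with no password at all."""
    return sorted(u.name for u in users if not has_password(u) and u.remote_without_password)


def sample_users() -> dict[str, User]:
    """Constructed sample accounts for the demo, not real users."""
    admin = User("admin")
    set_password(admin, "correct horse battery staple")
    kid = User("kid")                                           # created, password never set
    tv = User("livingroom-tv", remote_without_password=True)    # admin deliberately opened this one
    return {u.name: u for u in (admin, kid, tv)}


if __name__ == "__main__":
    users = sample_users()
    attempts = [
        ("kid", "", "192.168.1.20"),                         # LAN, no password: allowed
        ("kid", "", "203.0.113.9"),                          # WAN, no password: denied
        ("livingroom-tv", "", "203.0.113.9"),                # WAN, override set: allowed
        ("admin", "wrong", "203.0.113.9"),                   # WAN, bad password: denied
        ("admin", "correct horse battery staple", "203.0.113.9"),
    ]
    for name, pw, ip in attempts:
        print(f"{name:14} from {ip:14} -> {authenticate(users[name], pw, ip)}")
    print("exposed without a password:", exposed_accounts(users.values()))
```

The override flag defaults to off, so a freshly created account is never reachable from outside until an administrator either sets a password or knowingly flips the flag, which is the "secure by default, opt in to the risk" behaviour the thread asks for. The weak point of this design is the local/remote decision: behind a reverse proxy every request arrives from the proxy's address, so the check would have to use the proxy's forwarded-client header instead, and only trust that header from the proxy itself.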


Happy2Play

Personally, Connect is for remote connections only.  Why would I go through my WAN to get to a local service at home?

 

 

I feel it's just as easy to use my DDNS to access my server so I only use local accounts, but users without a DDNS provider are offered Connect as an alternative to having to remember their WAN IP to access their servers remotely.  As for two logins, in order to maintain your user watch/play statuses you are able to link that local user to your Connect user.


> Not sure why this was moved to the Windows sub-forum, since it does not apply only to Windows and in my case does not apply to Windows at all since I use Linux.
>
> But anyways.
>
> I fully understand that ease and security rarely go hand in hand. And I do know that I'm responsible for my own security measures.
>
> However I think it should be more clear that when you put your Emby server on the WAN, anyone can access your password-less accounts.
>
> Myself I do know about this security risk but it's probably not something that everyone that's new to Emby realises.
>
> There are multiple ways that this can be resolved, I mentioned a few in my previous post but there are other ways as well.
>
> For example to disable remote access for password-less users by default, but you can enable remote access explicitly if you really want to.
>
> I also think it's absolutely necessary to move the password options to the main page so passwords can be defined upon user creation.
>
> The multiple ways to log in can indeed be confusing and I fully understand and appreciate the option of having Emby Connect access as well as local access.
>
> But if you connect a local user to Emby Connect, maybe it would be good to let Emby Connect take over the account fully?
>
> The guest accounts are interesting, I really have not paid any attention to them before as I thought they were for having a temporary account rather than a permanent one.
>
> I did a quick check and it looks like the only difference between a guest account and a user account that's connected to Emby Connect is that the user account has two logins. Is this correct? And if so, what's the point in offering Emby Connect on user accounts other than to confuse?

 

The point is that if you already have a local user account for someone, and want to add Emby Connect, you can link them in order to retain watch data and other personalization. If we did not offer that, then you would have to create a whole new user just for Emby Connect which would not have any of that data.


Ok understood, I think I'll use "guest accounts" then in the future.

 

Another idea that came to mind.

How about enabling reverse connections with Emby Connect? Like TeamViewer does.

So if you enable Emby connect on your server, your server would open up a connection to the Emby connect server.

This would mean that you would not have to open any incoming ports, and it would solve the issue with passwordless users on the WAN.

You could of course always open up the port and give direct access to your server if you want.


> Not sure why this was moved to the Windows sub-forum, since it does not apply only to Windows and in my case does not apply to Windows at all since I use Linux.

 

This is the Windows/General forum.  As this is a general issue with the server this is the most appropriate place.

 

 

> Ok understood, I think I'll use "guest accounts" then in the future.
>
> Another idea that came to mind.
>
> How about enabling reverse connections with Emby Connect? Like TeamViewer does.
>
> So if you enable Emby Connect on your server, your server would open up a connection to the Emby Connect server.
>
> This would mean that you would not have to open any incoming ports, and it would solve the issue with passwordless users on the WAN.
>
> You could of course always open up the port and give direct access to your server if you want.

 

All Emby Connect does is make it easy to connect to your server.  Nothing is going through us.  You still need to be able to access your server.

 

We can definitely make some improvements in the password entry work-flow.


dragon2611

If making the server accessible from the WAN I usually hide all the users as well so that not only does someone need to guess the password they also have to know the username as well.

Ok it doesn't really add much in the way of security but it helps a little.


anderbytes

I almost did it that way but I thought of something:

 

Putting a 5-digit hidden user and a 5-digit password is as strong as giving away the user and putting a 10-digit password.

 

So... in comparison... you only lose because you don't get the stylish look of choosing a user from a list, and inside the internal network (where you can disable the password requirement) you will still have to type something, too.

 

This way:

-Internal network: I only click the user and I'm in

-External network: click + type, still very securely.

 

So as long as your password isn't too weak, you'd be fine.


Koleckai Silvestri

All my users have 12 - 20 digit passwords for WAN and a 4 digit PIN for LAN access. However, it would be nice to be able to change and send a password to the user from the admin account.

 

When I create a new user, they don't gain access to anything until passwords are set. Takes loading everything up in multiple browsers currently.


2 months later...
gardar

Bump!

Are there any improvements regarding this planned?

 

Did a search for Emby servers on the internet and found quite a lot of servers that have unprotected user accounts available.


dcook

> Balancing ease of use with security is always a challenge.
>
> There have been discussions and there are suggestions out here for improving the process with new users but it isn't an easy fix.  We don't want to force a password but perhaps we can have it suggest that you have one or give you a warning when you create a new user without one.  Or, maybe we always force a password for remote access... I'm sure someone will find a situation where that won't work for them.
>
> The bottom line on that is that you need to be somewhat diligent about your own security in that regard right now.
>
> As for the multiple ways to login issue, yes, we understand that can be confusing sometimes.  However, we do not wish to force people to have an online account in order to use their own server and system.

 

 

I agree, please don't force Emby Connect on us, I don't want to have to connect to the internet to access my system, it works perfectly without Emby Connect.


> I agree, please don't force Emby Connect on us, I don't want to have to connect to the internet to access my system, it works perfectly without Emby Connect.

 

Every single app that supports Emby Connect allows you to skip it.
