Skip to main content

 

Cisco Meraki Documentation

Authentication Enhancements and New Dashboard Security Features

Click 日本語 for Japanese

Authentication Enhancements  

Meraki built an additional security feature to help protect user accounts from potential account compromise (password stuffing, spraying, brute force, etc.).

 
The security feature delivers a 6-digit one-time password (OTP) via email upon detecting a suspicious login attempt, which will be requested during the login process after entering a correct account password. This only applies to accounts that do not have Two-Factor Authentication (TFA) enabled.  

The new feature uses IP geolocation to identify potential login “anomalies,” similar to how certain financial institutions use OTP codes, to flag an anomaly if a user has not logged in from the connecting country before. 

In addition, all SM admins that do not have MFA enabled will receive the OTP.

New user flow:

New Dashboard user login steps with authentication Enhancements

OTP E-mail:

clipboard_e2c54830015d976db58a1d37b719fddff.png

FAQ

Can I disable this feature? 

No, we do not offer the option for users to disable OTP.  

What if I can't access the OTP email? 

In order to provide you with a greater level of security, we must perform robust account verification. Please open a case on the Support home page for verification assistance.

I can't login into the Meraki Mobile app anymore. What do I do?

Please make sure to update the app to the latest version. The OTP flow is available starting in version 4.48.1.

 

Dashboard Security Defaults

Strong passwords are the new default for any new account or password reset. Current passwords will not be reset, but any new password must meet the new password requirements:

  • may not contain common words
  • must be at least 8 characters long & contain at least 3 of the following:
    • number
    • lowercase letter
    • uppercase letter
    • symbol ( ! @ # $ % ^ & *, etc )

Additionally, password reuse will be limited, with the default minimum set to the last 2 passwords. Organization administrators may also change the default configuration to choose passwords different from the prior 3 or more passwords for additional security. If your organization already has this setting enabled, there will be no changes.  

These changes affect all current and new dashboard users and cannot be disabled. 

Note: Government Account passwords must be at least 14 characters long.

  • Was this article helpful?