Authentication Enhancements and New Dashboard Security Features

Authentication Enhancements  

Meraki built an additional security feature to help protect user accounts from potential account compromise (password stuffing, spraying, brute force, etc.).

 
The security feature delivers a 6-digit one-time password (OTP) via email upon detecting a suspicious login attempt, which will be requested during the login process after entering a correct account password. This only applies to accounts that do not have Two-Factor Authentication (TFA) enabled.  

The new feature uses IP geolocation to identify potential login “anomalies,” similar to how certain financial institutions use OTP codes, to flag an anomaly if a user has not logged in from the connecting country before. 

In addition, all SM admins that do not have MFA enabled will receive the OTP.

New user flow:

OTP E-mail:

Dashboard Security Defaults

Strong passwords are the new default for any new account or password reset. Current passwords will not be reset, but any new password must meet the new password requirements:

• may not contain common words
• must be at least 8 characters long & contain at least 3 of the following:
  • number
  • lowercase letter
  • uppercase letter
  • symbol ( ! @ # $ % ^ & *, etc )

Additionally, password reuse will be limited, with the default minimum set to the last 2 passwords. Organization administrators may also change the default configuration to choose passwords different from the prior 3 or more passwords for additional security. If your organization already has this setting enabled, there will be no changes.  

These changes affect all current and new dashboard users and cannot be disabled.