Authentication Enhancements and New Dashboard Security Features
Click 日本語 for Japanese
Meraki built an additional security feature to help protect user accounts from potential account compromise (password stuffing, spraying, brute force, etc.).
The security feature delivers a 6-digit one-time password (OTP) via email upon detecting a suspicious login attempt, which will be requested during the login process after entering a correct account password. This only applies to accounts that do not have Two-Factor Authentication (TFA) enabled.
The new feature uses IP geolocation to identify potential login “anomalies,” similar to how certain financial institutions use OTP codes, to flag an anomaly if a user has not logged in from the connecting country before.
In addition, all SM admins that do not have MFA enabled will receive the OTP.
New user flow:
Can I disable this feature?
No, we do not offer the option for users to disable OTP.
What if I can't access the OTP email?
In order to provide you with a greater level of security, we must perform robust account verification. Please contact Meraki Technical Support at firstname.lastname@example.org for verification assistance.
I can't login into the Meraki Mobile app anymore. What do I do?
Please make sure to update the app to the latest version. The OTP flow is available starting in version 4.48.1.
Dashboard Security Defaults
Strong passwords are the new default for any new account or password reset. Current passwords will not be reset, but any new password must meet the new password requirements:
- may not contain common words
- must be at least 8 characters long & contain at least 3 of the following:
- lowercase letter
- uppercase letter
- symbol ( ! @ # $ % ^ & *, etc )
Additionally, password reuse will be limited, with the default minimum set to the last 2 passwords. Organization administrators may also change the default configuration to choose passwords different from the prior 3 or more passwords for additional security. If your organization already has this setting enabled, there will be no changes.
These changes affect all current and new dashboard users and cannot be disabled.