Console security risk ?

  • 20 March 2014
  • 1 reply

Userlevel 3
I am impressed by Webroot Secure Anywhere but am a little concerned about the agent commands area in the console. In particular the "download and run a file" option.
I appreciate that the the console is protected by a password and security code but this is not really full two factor authentication - in that a key logger could theoretically pickup entires as they are made and guess / brute force the security code.
In the absence of a full two factor authentication ( a la e.g. Google 2FA) it is at least theoretically possible for my credentials to be compromised . In that event a malicious impostor who succeeded in getting into my console would de facto have access to all the computers on that keycode via the agent commands facility ?
Should the more powerful agent commands not be removed from the console in the interest of greater security?

1 reply

Userlevel 7
Badge +56
That is a good point.  We have the keycode that you have to enter two numbers from each time you login, as well as the password.  As far as keylogging, if you have WSA installed on the machine you are logging into the console from, that should hopefully protect you.  I'll check and see if there are any current plans to add two-factor authentication.  In the meantime you can vote up this Feature Request for it here, so our dev team can see how many people would be interested in it as a feature.