I’m trying to figure out why WD keeps referring to device access and web access as two different things. There’s no logic to its documentation and the existence of the latter seems to negate the security measures of the former.
If I use a “device” (a table/mobile phone) I am thankfully forced to register it before accessing my cloud account, using an access code. That’s good – nobody can just willy-nilly access my data from a tablet or smartphone.
But, if I am smart enough as a hacker to go to “My Cloud OS3 End of Service | Western Digital” in a common web browser (a major hacking tool only available on the dark web) I am prompted for a username password, which, if the hacker knows, can be used to log in and access the same information. No access token is required and indeed there is virtually no security at all (aside from said username/password).