I understand your logic, albeit circular.
If you have no password on your account, then you’re implicitly permitting anyone access to your drive.
The Cloud App isn’t the only thing that would be permissive. Anyone that had access to your WiFi network could also connect to it via Samba, for example (using apps like File Browser) and whatnot. Chances are, unless you’ve explicitly configured your PC shares to require passwordst, the same users could also access your printers and network shares on your PC.
Yes, I agree that if you change an account from password-less to password-protected that the cloud should enforce re-authentication.
But there should be no need to enforce password changes if you change the password on the Cloud. The cloud already gives you the ability to selectively de-authorize specific devices in such a case.
Damun wrote:
- Password protecting a user (myself) would require a password from a wireless device, but only if i delete it from the list of cloud devices first and reconnect again
It can be done either way… the mobile user can remove the device from the NAS list, or you can remove the mobile device from the NAS’s device list.
Damun wrote:
My concern is still that, anyone with acces to my network would automatically have unlimited acces to My Cloud. The “code” thing only works for devices that are not on your network (i.e. from internet). Once someone is on your network, and has the My Cloud App, he or she will not need a code to access My Cloud.
Not for un-authorized devices. Someone new getting access to your WiFi network, as long as your account is password protected, would need the password (or a MAK code) to access the drive.
Damun wrote:
…this is a big flaw on this drive.A code should be required for all devices, period!
I think this is a “Belt, Suspenders, and Super-glue” approach, but that’s OK…
I think of it the other way. You, as the owner, are responsible for the drive’s security. It provides you mechanisms to do that, which you are not (or previously were not) using.
If you’ve password-protected your user account(s), then you’re already secure.