I followed the instructions in their email: 1. change password, and 2. enable 2FA (confirm enabled in my case).
Password change went fine. I expected existing sessions to my controller login would be terminated upon a password change. I suppose that's not mandatory but it sure wouldn't be surprising behaviour for security software IMO. It's the conservative thing to do, no?
Nope. Already logged-in sessions (web and iOS app) remained functional when I changed the underlying password. No need to re-authenticate.
Before I received their breach email today, the past two days I have been unable to log into my controller at all. This was being reported by others through unofficial channels at the same time (Twitter, Reddit). Ubiquiti was silent until this morning. Maybe it's just a bad coincidence.
I'm a new Ubiquiti customer. My gear is < 30 days old. Their UniFi Dream Machine seemed to be my "dream" for a home network (AP, VPN, notifications, guests, pretty dashboard). It's probably better than the alternatives. But I'm forming a less than stellar first impression of them after this. Honeymoon over.
I fell for the hype. And now I hold my friends and coworkers who hyped them in much lower esteem.
Bought one Access point "PRO".
It is a hacked version of openWRT. No GPL sources anywhere on their site.
Downloaded the UniFi controller to run on a Debian 10 image... a closed source Java app. And it requires Java 8 from Sun. Pain to install on Debian but fine.
Next, it requires an old version of MongoDB. Sigh. No package available for Debian 10. Compile from source, this is a nightmare in itself, but done.
A bunch more /fun/ with decades old software dependencies later, I have a UniFi controller running.
Now, I learn that despite them advertising (and showing screenshots) that I can set up VLANs with that product (and the product page advertises support for N VLANs), it is just a dumb unmanaged AP. I write that off as a $150 lesson.
The UI says that if I buy another piece of the hype puzzle it will enable the feature I bought the "pro" AP for. But at this point, I know I will also learn I will need a something-key, and then something else. ...thanks. Fool me once, shame on you, fool me twice shame on me.
I will just save the dumb unmanaged "pro" AP to use with a setup from someone else. Probably pfSense based. Heck, with the time I wasted simply satisfying the anciently deprecated dependencies for their controller, I could have sent tons of patches to pfSense so the UI looked just as good as theirs :) ...which I think is their only selling point.