Help Center/ Security Technologies and Applications/ Best Practices/ Best Practices for Using Huawei Accounts
Updated on 2024-11-08 GMT+08:00

Best Practices for Using Huawei Accounts

To safeguard your Huawei Cloud accounts and help you set up a secure channel to access Huawei Cloud resources, we recommend the following settings on IAM.

Enabling Login Protection

After login protection is enabled, you and users created using your account will be authenticated by a virtual MFA device, SMS, or email during console login. This improves account security and prevents phishing attacks or accidental password leakage.

  1. Enable login protection for the account. Table 1 shows an example.

    Table 1 User roles

    User Roles

    Procedure

    Huawei Cloud Account

    Go to the Security Settings page. Select Critical Operations > Login Protection, click Enable. In the displayed pane, select Enable.

    • Your Huawei Cloud account is created after you successfully register with Huawei Cloud. Your account has full access permissions for your cloud resources and makes payments for the use of these resources.
    • Your HUAWEI ID is a unified identity that you can use to access all Huawei services.

  2. Enable login protection for each IAM user under your Huawei Cloud account.

    1. Choose Identity and Access Management > Users and click Security Settings in the row where an IAM user resides.
      Figure 1 Users
    1. Click in the Login Protection area.
      Figure 2 Security Settings
    2. In the displayed Change Verification Method dialog box, select SMS, Email, or Virtual MFA device for Verification Method, and click OK.
      Figure 3 Change Verification Method

Enabling Critical Operation Protection

After critical operation protection is enabled, if you or users created using your account perform a critical operation, such as deleting a resource and generating an access key, a password and a verification code are required for additional authentication. This prevents risks and loss caused by misoperations.

  1. Go to the Security Settings page as the administrator.
  2. Select Critical Operations, locate the Operation Protection row, and click Enable.

    Figure 4 Critical Operations

  1. On the displayed pane, select Enable for Operation Protection. Then, select Self-verification or Verification by another person.

    • Self-verification: You or IAM users themselves perform verification when performing a critical operation.
    • Verification by another person: The specified person completes verification when you or IAM users perform a critical operation. Only SMS and email verification is supported.
    Figure 5 Operation Protection

  1. Click OK.

Configuring a Login Authentication Policy

A login authentication policy includes many aspects of account security, including session timeout, account lockout, recent login information, and custom login prompt. You can configure a login authentication policy to better safeguard your account, preventing password leakage caused by forgetting to log out or phishing attacks.

  1. Go to the Security Settings page as the administrator.
  2. Select Login Authentication Policy and configure required parameters as shown in the following figure.

    Figure 6 Login Authentication Policy

    You can provide your custom information which will be displayed when you log in.

Configuring Password Policies

You can specify minimum password length, restrict consecutive identical character, and disallow previously used passwords to ensure that strong passwords of high complexity are used.

  1. Go to the Security Settings page as the administrator.
  2. Select Password Policy and configure required parameters as shown in the following figure.

    Figure 7 Password Policy