Updated on 2025-05-22 GMT+08:00

SEC02-02 Secure Login Mechanism

Use secure login mechanisms for accounts, IAM users, and third-party identity providers.

  • Risk level

    High

  • Key strategies
    • Enable MFA-based login for accounts and IAM administrators (IAM users with administrator permissions) to prevent risks caused by login credential leakage.
    • Configure IAM login verification policies, such as session timeout, account lockout, account suspension, and last login notification.
    • Configure the IAM network ACL policy so that users can access Huawei Cloud only from specific IP address ranges, CIDR blocks, and VPC endpoints.
    • Use different passwords for different accounts or IAM users.
    • Do not share your passwords with others. Instead, create a user for each person who manages or uses Huawei Cloud resources.
    • Change the default password of each new user. When you create a user in IAM, a one-time login link can be sent to the new user by email, and the user must set a password when logging in through that link. Alternatively, when the administrator sets a custom password for the new user, password modification upon user activation can be made mandatory.
    • Centralized identity control:
      • Single sign-on (SSO): Use an SSO solution to centrally manage user identity authentication information, simplify the user login process, enhance security, and improve user experience.
      • Multi-account: Manage multiple accounts centrally.
  • Related cloud services and tools
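
The key strategies above can be checked against an exported account configuration. The following Python is an added example, not Huawei Cloud code: the snapshot field names, check IDs and thresholds (60-minute session, 5 failed logins) are assumptions rather than the IAM API schema, and the sample snapshots are constructed.

```python
import ipaddress
# Field names and thresholds are assumptions for this example, not an IAM API schema.
MAX_SESSION_MIN, MAX_FAILED_LOGINS = 60, 5

def audit_login_config(snap):
    """Return sorted (check_id, subject) findings for one account snapshot."""
    out = []
    for u in snap["users"]:
        # Administrators must log in with MFA.
        if u.get("is_admin") and not u.get("mfa_enabled"):
            out.append(("ADMIN_WITHOUT_MFA", u["name"]))
        # An administrator-set password must be changed at activation.
        if u.get("password_set_by_admin") and not u.get("must_change_password"):
            out.append(("NO_FORCED_PASSWORD_CHANGE", u["name"]))
    pol = snap.get("login_policy", {})
    timeout = pol.get("session_timeout_minutes")
    if not timeout or timeout > MAX_SESSION_MIN:
        out.append(("SESSION_TIMEOUT_WEAK", "login_policy"))
    tries = pol.get("lockout_after_failed_logins")
    if not tries or tries > MAX_FAILED_LOGINS:
        out.append(("LOCKOUT_WEAK", "login_policy"))
    if not pol.get("suspend_inactive_after_days"):
        out.append(("NO_ACCOUNT_SUSPENSION", "login_policy"))
    if not pol.get("show_last_login"):
        out.append(("NO_LAST_LOGIN_NOTICE", "login_policy"))
    # Access must be limited to specific ranges; a /0 entry allows any source.
    cidrs = snap.get("acl_allowed_cidrs", [])
    if not cidrs:
        out.append(("ACL_NOT_CONFIGURED", "acl"))
    for cidr in cidrs:
        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            out.append(("ACL_ALLOWS_ANY", cidr))
    return sorted(out)

# Constructed sample snapshots (not real account data).
WEAK = {
    "users": [
        {"name": "alice", "is_admin": True, "mfa_enabled": True},
        {"name": "bob", "is_admin": True, "mfa_enabled": False},
        {"name": "carol", "password_set_by_admin": True, "must_change_password": False},
    ],
    "acl_allowed_cidrs": ["0.0.0.0/0"],  # no "login_policy" key: nothing configured
}
HARDENED = {
    "users": [{"name": "bob", "is_admin": True, "mfa_enabled": True}],
    "login_policy": {"session_timeout_minutes": 30, "lockout_after_failed_logins": 5,
                     "suspend_inactive_after_days": 90, "show_last_login": True},
    "acl_allowed_cidrs": ["203.0.113.0/24"],
}
```

Calling `audit_login_config(WEAK)` returns one finding per violated strategy, and `audit_login_config(HARDENED)` returns an empty list.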