OBiTALK Community

General Support => Installation and Set-Up (Devices) => Topic started by: LaCuadrilla on July 10, 2017, 03:19:50 PM

Title: New Obi 202
Post by: LaCuadrilla on July 10, 2017, 03:19:50 PM
Broadvoice helped me set up a new OBI202 on their service, using the devices local web interface. It worked, and then:

1) It appears that the only way to change the admin password on the device was by registering it on the OBItalk web portal. Is that true? Anyway, I did so, and successfully changed the device password, and it still worked.

2) I could not figure out any way to disable Google automatic login to the OBItalk portal. Thus it appears that any of my computers currently logged into Google can thereafter be automatically logged in to the OBItalk web portal automatically, and thus display the device's Admin password in the clear. Is that true?

3) Since this is a security hole I tried to delete my OBItalk account on the web portal and was unable to do so. Is that true?

4) I then tried to change my user profile email and password on the portal, which was sort of successful, ie. the new email and password worked. But I was still able to log i using my original email and password, automatically, using google. Is that the case?

5) I then deleted the device from my account on the portal, which delete was successful, but .... apparently this deletes all the Broadvoice settings on the device. Now when I try to access the device's web interface I get "The requested URL was not found!", and the (Broadvoice) phone no longer works. Is that the case?

6) I then called OBI support to straighten all this out, and learned that the only way to get support was to buy premium support, or use this forum. Is that true?

If in fact the above is all true, then either I need to stick with the default admin password on the device, or register the device in the OBItalk portal and accept the security hole above, correct? Multiple people at my site use the google account, and I don't want to give them all my google password to log in each time.

In any case, it appears I'm back to square one in setting up the OBI202. And having only paid support for this mess .....

Title: Re: New Obi 202
Post by: azrobert on July 10, 2017, 04:03:10 PM
You can change the admin password locally here:
System Management  -> Device Admin -> AdminPassword

Delete the OBi202 from the portal and do a factory reset then configure the OBi202 using the local interface.

If you want to use the portal, just create a new account using a non-Google email. I don't know how to delete an account or remove a Google signin.
Title: Re: New Obi 202
Post by: LaCuadrilla on July 10, 2017, 04:33:59 PM
> System Management  -> Device Admin -> AdminPassword

I tried that and the new password doesn't stick between reboots. A problem here, because we have power outages

> Delete the OBi202 from the portal and do a factory reset then configure the OBi202 using the local interface.

OK, I have to do a factory reset now anyway, but I lost all the broadvoice settings, and I need to call them and go through the setup again (this model does not support autoprovisioning on  Broadvoice).

> If you want to use the portal, just create a new account using a non-Google email.

I wish I'd known that

> I don't know how to delete an account or remove a Google signin.

Elsewhere in these forums it says you have to call OBI support to do that, but you don't get through to OBI support until you sign pu for paid support.


Title: Re: New Obi 202
Post by: azrobert on July 10, 2017, 05:15:40 PM
Quote from: LaCuadrilla on July 10, 2017, 04:33:59 PM
> System Management  -> Device Admin -> AdminPassword

I tried that and the new password doesn't stick between reboots. A problem here, because we have power outages

Elsewhere in these forums it says you have to call OBI support to do that, but you don't get through to OBI support until you sign pu for paid support.

I changed my admin password locally and it doesn't change after a re-boot

Is this happening after you added the OBi202 to the portal? After the OBi is added to the portal, OBiTalk provisioning is enabled. When provisioning is enabled any changes made locally will be overlaid by OBiTalk. When you do a factory reset provisioning will be disabled or you can manually disable it here:
System Management -> Auto Provisioning
Under OBiTalk Provisioning
Method: Disabled

You should have 1 year premium free support from OBiHai. Log into the portal. Click on the OBi202 and then click on the Support and Warranty tab. Your warranty start and end dates will be displayed. I think the warranty starts when the OBi is added to the Portal, but I could be wrong.
Title: Re: New Obi 202
Post by: SteveInWA on July 10, 2017, 09:26:26 PM
If you (or somebody else) add an OBi product to the OBiTALK dashboard, it cannot be added to a different OBiTALK account's dashboard unless/until it is first deleted off of the other OBiTALK account.  This is to prevent chaos from two different accounts attempting to manage the same device.

So:  if you can delete it, do so.  If you can't delete it, contact Obihai, give them the OBi number off of the bottom of the unit, and ask if they'll delete it for you.

Quote
2) I could not figure out any way to disable Google automatic login to the OBItalk portal. Thus it appears that any of my computers currently logged into Google can thereafter be automatically logged in to the OBItalk web portal automatically, and thus display the device's Admin password in the clear. Is that true?

3) Since this is a security hole I tried to delete my OBItalk account on the web portal and was unable to do so. Is that true?

Misplaced worrying.  The real issue is leaving your computer signed on to your Google (or any other) account, if it is in a shared location, and somebody else can use the computer.  

Not many people know about OBiTALK, and in the real world, the possibility of somebody physically accessing your computer, and then logging into your OBiTALK dashboard, are pretty slim.  If you want to use a unique user ID/PW for your OBiTALK account, follow my instructions above.

Otherwise, look at the bigger picture of security.  Consider using two-factor authentication wherever possible.  Google supports the FIDO alliance U2F two-factor authentication method.  You can get a hardware key from Yubico that supports U2F, or you can get one of their Yubikey NEO 3rd or 4th gen keys that also supports password managers like Lastpass.  https://www.yubico.com/products/yubikey-hardware/ (https://www.yubico.com/products/yubikey-hardware/)