Authentication with PIN or Password
Passwords and PIN codes are basic authentication methods that are still quite popular among organizations and companies. They are easy to set up and easy to use. However, there are some considerations to be made before you decide to use them in your organization.
PIN Codes
PIN codes are a very simple authentication method. PINs can be generated by administrators in bulk and sent to users via email – this method is commonly used by organizations to ensure that their new members or employees get instant access to printing, copying, and scanning as soon as their account is created.
Users can also generate their own PINs, but this must be enabled by a MyQ administrator.
Availability of PIN Authentication
PINs can be used to sign in:
To the MyQ Web Interface (on Print Server only, never on Central Server).
To the Embedded Terminal (if enabled in the configuration profile).
To the MyQ Desktop Client (if enabled in the configuration profile).
To the MyQ X Mobile Client (always).
As you can see, the combination of the username and the user’s PIN can be used on the MyQ Print Server’s Web Interface. PIN codes cannot be used to authenticate on the Central Server’s Web Interface under any circumstances, only passwords can.
Embedded Terminals
When using Embedded Terminals, if PIN is enabled, it is not used in combination with a username. This means the PIN code alone can be input on the device screen for authentication.
Security of PIN Codes
If you are serious about security, you should think carefully about how you use PIN codes in your organization.
PIN codes, if improperly configured, can be guessed easily. They could allow anyone, with just a few random attempts, to log in as someone else and perform operations or even browse their files (if storage is connected and folder browsing enabled).
Since PIN codes can be used on their own to authenticate on the Embedded Terminals, keep in mind that the security of PINs is derived directly from:
The number of users using PIN codes.
The minimum length of PIN codes.
Example: Easily guessable PINs
Let’s say that you have 10000 users in your MyQ X environment. If you used 4-digit PINs, this – with a bit of simple math – gives you 10000 possible PIN codes. Do you see the problem?
If you generate PIN codes for all users, every single combination is used. Any 4-digit number will log you in as the user who uses this number as their PIN code.
Recommendations
You should ensure that the minimum length of your PINs is selected so that if all your users use PINs, there are still a large number of unused PIN codes.
Consider what functionalities you enable if you only use PIN codes in your environment.
MyQ X has a built-in prevention against guessable PIN codes. It will notify you when the number of users reaches the limit when there are not enough PIN codes to ensure some level of uniqueness. In such a case, you should raise the minimum PIN length and regenerate the PIN codes of your users.
Password
Passwords are always used in combination with a username. They cannot be used on their own in the way PINs can.
Users can create their passwords on the Web Interface; these passwords have to confirm to password complexity configured as by administrators in Settings – Users – User Authentication.
Availability of Password Authentication
A username and password can be used to sign in:
To the MyQ Web Interface (Print Server and Central Server).
To the Embedded Terminal (if enabled in the configuration profile).
To the MyQ Desktop Client (if enabled in the configuration profile).
To the MyQ X Mobile Client (always).
If Entra ID (Azure Active Directory) is used in your environment, we recommend enabling the Sign in with Microsoft button, allowing users to sign-in to MyQ with their Microsoft account.
Embedded Terminals
Even on the Embedded Terminals, both the username and password are required to be typed in. Note that an alias can be used instead of a username.
Security of Passwords
Passwords, thanks to their combination with usernames, mitigate the possibility of guessing a password that leads to successful login as a random user. However, you still might want to consider the password complexity you use.
Modern recommendations for a secure password emphasize its length over special character requirements. This means that secure passwords should be long and stored in password managers rather than short and requiring special characters.
Example: Password with special character requirements
If you enforce the use of special characters, upper-case letters, and numbers, this effectively decreases the number of passwords that can be set by the user opposed to when character requirements are not required.
Thus, it also decreases the variety of passwords, and makes them easier to guess.