Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
As a best practice for any enterprise system, this requirement enforces that system access requires custom passwords and settings, rather than the default vendor-configured settings. Unauthorized malicious parties gain system access by first trying system defaults and publicly known settings.
ECS allows administrators to define login settings at the initial system deployment or to update a production cluster. For configuration steps, refer to the ECS Administration Guide.
Note: As a best practice, prior to deploying a production ECS cluster, design the system access hierarchy containing the desired profiles. This minimizes complications in the future, as security profiles do not require modifications.
In addition to updating passwords, consider additional login security measures. ECS provides different roles to define different operations. The roles include security administrator, system administrator, system monitor, and namespace administrator. For more information about each role, refer to the ECS Security Configuration Guide.
ECS supports Active Directory (AD) authentication or Lightweight Directory Access Protocol (LDAP) authentication. Either method is used to authenticate domain users that are assigned to management roles in ECS.
Note: As a best practice, it is recommended to use AD/LDAP authentication rather than local accounts.