I realised that in advanced settings (from 10.0.0.1), remote management is disabled by default (good thing) - yet, the Helix Fi web portal / mobile iOS app is still accessible outside of my network with my Videotron Helix login.
Q1. How is this possible (what bypass is done by the Helix Fi web portal login) to still access and remotely manage my modem/router gateway (I assume IP address / equipment are connected to my Helix login).
Q2. This means that the password of your Helix account is very crucial as the gateway can be cloud managed - such as forwarding ports - (even when not connected to local wifi).
I believe 2FA login methods (2 factor) - such as sending an SMS - would be nice to have on the web portal / mobile app.
I want some opinions - english or french 🙂 - this can worry some people as it is important to have a very strong Helix account password.
Regarding your first question, the remote access that you're seeing on your settings isn't the same as the remote access through Helix-FI. The Helix-FI remote access is managed by its own security infrastructure.
For all your accounts, we suggest that you use a different and complex password to enhance the security. As for the 2FA, we'll foward your suggestion to the appropriate department so that it can be analysed.