Change admin username
It should be possible for the admin user to change his user login name. The name "admin" is not very secure, because it's easier to hack via brute force. The hackers know the name is "admin". If the user were able to change his login name, it would increase the security of Plesk Panel.
We have serious doubts this function can really increase server security:
1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts.
2) An arbitrary login name adds very little guess-complexity to a proper password. If you have concerns about your login being brute-forced – add another 5-7 characters to your password and feel safe.
As a changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in a complex password, not in a complex login name. If you have one good password, you don’t need to treat the login as your “second password” – one good password is enough.
As for concerns that the default password requirement is set to “weak”, that the fail2ban module is not enabled by default or may consume extra resources, etc. – they are largely irrelevant here. If someone is not willing to invest some time into setting a better password, into changing the password policy or into installing/enabling server protection – a changed admin name will again be only a false sense of security. If a password is “1234567”, then the login doesn’t really matter.
Not only should this be an option, new admins should be prompted to use an alternate admin username. This will help in security.
That seems like a good idea.
Yes, this is an important security feature. I once messed up my server trying to change the admin username.
Stéphan S commented
very good idea!
Is the id of admin also 0?
Or is there no id used to login (webgui / API)?
Anything to make it harder on them is a great win on our side.