
  1. 444 votes

    57 comments  ·  Feature Suggestions » Security

    We have serious doubts this function can really increase server security:
    1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts.
    2) An arbitrary login name adds very little guess-complexity to a proper password. If you have concerns about your login being brute-forced – add another 5-7 characters to your password and feel safe.

    As a changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in a complex password, not in a complex login name. If you have one good password, you don’t need to treat the login as your “second password” – one good password is enough.

    As for concerns that default password requirement is set in “weak”, that fail2ban module is not…

    Tobi commented  · 

    Is this request not much better?

    You want to change the username; I'm with Sergey here. Making your password longer and stronger has the same effect as taking another username.

    But what about security bugs in the Plesk GUI? Bugs that give attackers access to the Plesk GUI?

    I would like to add a second protection layer. fail2ban is nice, but with fail2ban I get hundreds of failed logins every day, and fail2ban does NOT protect against security bugs in the Plesk GUI. With "basic auth" you can prevent attackers from directly accessing your Plesk GUI at all. THAT'S much better in my eyes. In Plesk 11.x and 12.0 this works, but in Plesk 12.5 not anymore. I would like this as an optional feature that admins can enable.

    Tobi supported this idea  · 
