Anonymous

← Your Ideas for Plesk

My feedback

Renew a subscription

68 votes

We're glad you're here
Please sign in to leave feedback

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

open discussion · 8 comments · Feature Suggestions » Plesk (general) · Delete… · Admin →

How important is this to you?

We're glad you're here
Please sign in to leave feedback

Signed in as (Sign out)

Close

Close

Anonymous shared this idea · August 01, 2013
ActiveSync support on Roundcube and Horde (Push)

679 votes

We're glad you're here
Please sign in to leave feedback

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

open discussion · 73 comments · Feature Suggestions » Mail · Delete… · Admin →

How important is this to you?

We're glad you're here
Please sign in to leave feedback

Signed in as (Sign out)

Close

Close

Anonymous supported this idea · August 01, 2013
Change admin username

542 votes

We're glad you're here
Please sign in to leave feedback

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

68 comments · Feature Suggestions » Security · Delete… · Admin →

How important is this to you?

We're glad you're here
Please sign in to leave feedback

Signed in as (Sign out)

Close

Close

open discussion · AdminSergey L (CTO, Plesk International GmbH) responded

We have serious doubts this function can really increase server security:
1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts
2) Arbitrary login name adds very little guess-complexity to a proper password. If you have concerns for your login brute-forced – add another 5-7 characters into your password and feel safe.

As changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in complex password, not in a complex login name. If you have one good password, you don’t need to treat login as your “second password” – one good password is enough.

As for concerns that default password requirement is set in “weak”, that fail2ban module is not enabled by default or may consume extra resources, etc – they are much irrelevant here. If someone is not willing investing some time into setting better password, into changing password policy or into installing/enabling server protection – changed admin name will again be only a false sense of security. If a password is “1234567”, then login doesn’t really matter.
We have serious doubts this function can really increase server security:
1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts
2) Arbitrary login name adds very little guess-complexity to a proper password. If you have concerns for your login brute-forced – add another 5-7 characters into your password and feel safe.

As changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in complex password, not in a complex login name. If you have one good password, you don’t need to treat login as your “second password” – one good password is enough.

As for concerns that default password requirement is set in “weak”, that fail2ban module is not…

Anonymous supported this idea · August 01, 2013

Anonymous

My feedback

Renew a subscription

ActiveSync support on Roundcube and Horde (Push)

Change admin username

Feedback and Knowledge Base

Searching…

Give feedback

Plesk International GmbH

My feedback

Renew a subscription

We're glad you're here

We're glad you're here

ActiveSync support on Roundcube and Horde (Push)

We're glad you're here

We're glad you're here

Change admin username

We're glad you're here

We're glad you're here

We're glad you're here

Searching…

Give feedback

Plesk International GmbH