Skip to content

Kris H

← Your Ideas for Plesk

My feedback

1 result found

  1. Change admin username

    543 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    68 comments  ·  Feature Suggestions » Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    open discussion  ·  AdminSergey L (CTO, Plesk International GmbH) responded

    We have serious doubts this function can really increase server security:
    1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts
    2) Arbitrary login name adds very little guess-complexity to a proper password. If you have concerns for your login brute-forced – add another 5-7 characters into your password and feel safe.

    As changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in complex password, not in a complex login name. If you have one good password, you don’t need to treat login as your “second password” – one good password is enough.

    As for concerns that default password requirement is set in “weak”, that fail2ban module is not…

    Kris H supported this idea  · 
    An error occurred while saving the comment
    Kris H commented  · 

    I guess it is just a matter of time waiting for that zero-day attack where the only thing that could possibly mitigate an easily scriptable/deployable attack was the uniqueness of the primary administrator's user name.

    Atrocious this is still not possible in 2022, next year it will be 10 years since it was first requested! Disgusting!

Feedback and Knowledge Base

(thinking…)