Anonymous
My feedback
559 votes
We have serious doubts this function can really increase server security:
1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts.
2) Arbitrary login name adds very little guess-complexity to a proper password. If you have concerns about your login being brute-forced – add another 5-7 characters to your password and feel safe. As a changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in a complex password, not in a complex login name. If you have one good password, you don’t need to treat login as your “second password” – one good password is enough.
As for concerns that default password requirement is set in “weak”, that fail2ban module is not…
685 votes
Anonymous commented
Plesk should be a system where I can use all features out of the box. The concept of making every new addition a paid add-on is discouraging!
I somewhat disagree with the official Plesk opinion. I agree that a strong password is a must. However, to log in, an attacker needs to know both - user name and password. If the user name is already known (and maybe the password is reused somewhere else), it is much easier to log in...
Thus, please make sure to implement this feature.
In addition, disabling a login with the Unix root credentials should be standard as well (can only be disabled via panel.ini).