Dr. Koontz

My feedback

  1. 28 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Feature Suggestions » Plesk (general)  ·  Flag idea as inappropriate…  ·  Admin →
      Dr. Koontz supported this idea  · 
    • 309 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        35 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →

        We have serious doubts this function can really increase server security:
        1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts
        2) Arbitrary login name adds very little guess-complexity to a proper password. If you have concerns for your login brute-forced – add another 5-7 characters into your password and feel safe.

        As changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in complex password, not in a complex login name. If you have one good password, you don’t need to treat login as your “second password” – one good password is enough.

        As for concerns that default password requirement is set in “weak”, that fail2ban module is not…

        Dr. Koontz commented  · 

        Is there a way to specifically disable the Admin username?

        Dr. Koontz supported this idea  · 

      Feedback and Knowledge Base