My feedback

  1. 410 votes
    Sign in
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    46 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →

    We have serious doubts this function can really increase server security:
    1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts
    2) Arbitrary login name adds very little guess-complexity to a proper password. If you have concerns for your login brute-forced – add another 5-7 characters into your password and feel safe.

    As changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in complex password, not in a complex login name. If you have one good password, you don’t need to treat login as your “second password” – one good password is enough.

    As for concerns that default password requirement is set in “weak”, that fail2ban module is not…

    An error occurred while saving the comment
    Anonymous commented  · 

    totally agree that people should have a strong password, but i also think just the peace of mind you can give to your customers who dont necessarily know all of the risks as Sergey L has stated are arbitrary to having an "admin" user name. i think the "peace of mind" philosophy goes further than a simple technicality.

    Two-Factor, strong password, and making sure every application you are installing on your server has its own security on top of it. leave no risks and you shouldnt have a problem. But again, not everyone follows these practices and would feel better if they were able to customize their own admin names. or at least be able to disable the admin after they have added an additional administrator.

Feedback and Knowledge Base