Currently the main administrator user is hard-coded into the application. Even if I create another user with administrator privileges, I cannot rename or delete the existing one.
Why is this a problem?
Anyone that is familiar with Manager can brute-force entry to a database by testing thousands of passwords until they find one that works.
What is the solution?
If we can rename the username as well, it makes Manager even more secure because not only do they need to brute-force the password, but they need to guess what the administrator's username is as well.
Even if we cannot delete the primary user, the ability to change the "username" would solve this issue.
I don't consider this to be a security risk. Linux has a root username for this purpose. If you are worried about brute-forcing the password, go for a strong password with at least 8 characters.
There are 6.63 quadrillion possible 8 character passwords that could be generated using the 94 numbers, letters, and symbols on a standard keyboard. Every extra character you add to your password will make it exponentially harder to brute-force it.
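To put the keyspace argument above in numbers, here is an added example (not from the thread or from Manager) that computes the search space, entropy and expected exhaustive-search time for a few constructed password policies, and shows how an unguessable administrator username multiplies the work an attacker faces. The guess rates and username-candidate count are assumptions chosen for illustration.

```python
import math

# Constructed policies (label, alphabet size, length); not taken from the thread.
POLICIES = [
    ("8 chars, 94-symbol keyboard", 94, 8),
    ("12 chars, 94-symbol keyboard", 94, 12),
    ("20 chars, 94-symbol keyboard", 94, 20),
    ("20 chars, lowercase only", 26, 20),
]

# Assumed guess rates: an online login form that rate-limits (10/s)
# versus an offline attack on a leaked hash (10 billion/s).
GUESS_RATES = {"online, rate-limited": 10.0, "offline, leaked hash": 1e10}


def keyspace(alphabet: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet ** length


def entropy_bits(alphabet: int, length: int) -> float:
    """Bits of entropy for a uniformly random password of this shape."""
    return length * math.log2(alphabet)


def expected_seconds(space: int, guesses_per_second: float) -> float:
    """Average time to hit the password: half the space on average."""
    return space / 2 / guesses_per_second


def with_unknown_username(space: int, candidate_usernames: int) -> int:
    """If the admin name is not fixed, each candidate name must be tried
    against the whole password space, multiplying the search."""
    return space * candidate_usernames


def years(seconds: float) -> float:
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for label, alphabet, length in POLICIES:
        space = keyspace(alphabet, length)
        print(f"{label}: {space:.3e} passwords, {entropy_bits(alphabet, length):.1f} bits")
        for rate_label, rate in GUESS_RATES.items():
            print(f"   {rate_label}: ~{years(expected_seconds(space, rate)):.3g} years")
    # Assumed 1000 plausible admin usernames instead of one hard-coded name.
    print("unknown username (x1000):", f"{with_unknown_username(keyspace(94, 8), 1000):.3e}")
```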
I generate large complex passwords for this exact purpose (> 20 characters) - just thought I'd raise another potential way to help keep things secure.
It would have been most beneficial to those users that rely on remembering passwords, those that find it difficult to remember a strong password.
All such tricks are well known to those with malicious intent and implemented by password cracking software. Truly random characters are the only hope for semi-secure passwords, the longer the better. The fact is, though, that no password should be considered secure these days.
For me, learning to set up your own server for hosting Manager with Virtual Private Network infrastructure is one way to reduce the chance of getting hacked easily.