Currently the main administrator user is hard-coded into the application. Even if I create another user with administrator privileges, I cannot rename or delete the existing one.
Why is this a problem?
Anyone that is familiar with Manager can brute-force entry to a database by testing thousands of passwords until they find one that works.
What is the solution?
If we can rename the username as well, it makes Manager even more secure because not only do they need to brute-force the password, but they need to guess what the administrator’s username is as well.
Even if we cannot delete the primary user, the ability to change the ‘username’ would solve this issue.
Currently it’s non-editable:
I don’t consider this to be a security risk. Linux has
root username for this purpose. If you are worried about brute-forcing the password, go for a strong password with at least 8 characters.
There are 6.63 quadrillion possible 8 character passwords that could be generated using the 94 numbers, letters, and symbols on standard keyboard. Every extra character you add to your password will make it exponentially harder to brute-force it.
Thanks for the official response lubos.
I generate large complex passwords for this exact purpose (> 20 characters) - just thought I’d raise another potential way to help keep things secure.
It would have been most beneficial to those users that rely on remembering passwords – those that find it difficult to remember a strong password.
Some tips for others that land on this page: How To Create A Strong Password
I would be glad if you point that what is the reason that admins are not permitted to change their user names on cloud version ?
Thanks in advance,
One of I recommend is using symbols as part of the password like S = $.
and set it in reverse order.
for Example “ArthuriaPendragon” for example you can set it this way “@ruthr@n0g@rdnep” as airuthra = Arthuria , Pendragon= nogardnep.
Basically is impossible to guess by common sense to shorten the brute force list. kekeke.
If that is too much to remember. just use keepass or any password manager.
Simpler way use Base64 Encoder.
All such tricks are well known to those with malicious intent and implemented by password cracking software. Truly random characters are the only hope for semi-secure passwords, the longer the better. The fact is, though, that no password should be considered secure these days.
The safest in security from cyber threat. basically isolate itself from the internet. lol
For me learning on setting up your own server for hosting the manager with Virtual Private Network infrastructure. Is one way to reduce getting hacked easily.