XF 1.3 Admin Security
- Thread starter MITK
- Start date
MITK
Member
Not sure how i can elaborate anymore then i did ..
When i signed up i used a series of characters as i find that more secure then putting BOB or JOE for a username but when i post on the forums it shows the series of characters that i chose for my login,
I am wondering if there is a way I can change the display name on my account so that it will Show some other then my username.
When i signed up i used a series of characters as i find that more secure then putting BOB or JOE for a username but when i post on the forums it shows the series of characters that i chose for my login,
I am wondering if there is a way I can change the display name on my account so that it will Show some other then my username.
Amaury
Well-known member
Pretty sure you'll need an add-on, which you can search the resource manager for.
erich37
Well-known member
Last edited:
MITK
Member
Better practice would be not to display the username for the Admin account (like SMF does) then you don't need to worry about that.
I don't know about other people, but i don't want to leave an admin account dormant on the net that can be access while i am using another account.
Moderators also have the same issue, there username is the name on display so someone could do brute force attempts knowing the username, hell same can be said about standard accounts. "oh sorry for saying all that crap or posting that porn, my account was hacked because my username is my display name" and its not like people are Wiz's when it comes to picking a password.
Today more then ever we need to take IT Security more serious and by fixing the small things like this that is one less item that can pose a possible problem.
It kind of blows my mind away, that a great forum software with a lot of forward thinking like Xenforo doesn't have something like changing the display names.
I don't know about other people, but i don't want to leave an admin account dormant on the net that can be access while i am using another account.
Moderators also have the same issue, there username is the name on display so someone could do brute force attempts knowing the username, hell same can be said about standard accounts. "oh sorry for saying all that crap or posting that porn, my account was hacked because my username is my display name" and its not like people are Wiz's when it comes to picking a password.
Today more then ever we need to take IT Security more serious and by fixing the small things like this that is one less item that can pose a possible problem.
It kind of blows my mind away, that a great forum software with a lot of forward thinking like Xenforo doesn't have something like changing the display names.
Last edited:
Mouth
Well-known member
... and if you understood this, then you'd know that security by obscurity is no security at all.
If brute force attacks is your concern, then taking security seriously would not mean you want to hide logon/usernames.
MITK
Member
I am not looking to turn this into a flame post, I asked if there was a solution to what I feel is an issue and by the looks at it at least one other person in this world agrees with me.
Now you don't have to agree and to be honest i could careless if you do, by why would i want to give someone who wants to do my site harm 1/2 the puzzle to start with?
Here is the username now you just need to figure out the password. vs You don't have the username or password..
Neither are 100% secure but at least with the second method they are going to have to work for it a little harder and it might discourage some and have them move on.
And i used brute force as a basic example because ANYONE can do that, just download accessdiver or another program and within 10 minutes your off to the races.
Now you don't have to agree and to be honest i could careless if you do, by why would i want to give someone who wants to do my site harm 1/2 the puzzle to start with?
Here is the username now you just need to figure out the password. vs You don't have the username or password..
Neither are 100% secure but at least with the second method they are going to have to work for it a little harder and it might discourage some and have them move on.
And i used brute force as a basic example because ANYONE can do that, just download accessdiver or another program and within 10 minutes your off to the races.
erich37
Well-known member
you are absolutely correct.
There needs to be a simple way in order to achieve more security.
Things like these should be given top priority.
MITK
Member
I would love to hear the thoughts from the developers on this, as i said they have a very forward thinking product here and I really like an enjoy using as I continue to use it from day to day.
Maybe there is a restriction that doesn't allow them to do this, i installed 1.3 hoping that maybe it was an upcoming change but it was not.
Maybe there is a restriction that doesn't allow them to do this, i installed 1.3 hoping that maybe it was an upcoming change but it was not.
Mouth
Well-known member
The simple way is to not post with your Admin account and keep it hidden. Problem solved.
The OP claims that not exposing the username is not giving 1/2 the puzzle - not exposing your admin account at all is not giving any of the puzzle.
erich37
Well-known member
I have already posted a couple thousand of threads with my "Admin account".
What do you suggest to do ?
erich37
Well-known member
So you are saying I should change my current "Admin account" towards a "Moderator account" ?
And then create a new "Super Admin Account" which I am not using for posting, but just for "Admin-Login" ?
It is quite uncomfortable to mess around in config.php-files........
http://xenforo.com/community/thread...ser-to-super-administrator.33274/#post-379632
xIsabel38
Well-known member
Hi, not sure if this will help at all but I had an issue where a user was trying to brute force the ACP on SMF by trying to guess the password to the admin accounts.
The whole situation can be pretty nerve wrecking not knowing if the forum will be gone by the time you wake up the next morning.
So I made a post about it here and @tenants answered. Now the "fix" may not be for everyone, especially if you move around or travel a lot. But if you find yourself using your forum at just 1 or 2 locations then this add-on that @tenants made for me may be of help to you.
Check it out here:
http://xenforo.com/community/resources/xenloginsecurity-ip-address-account-login-security.1194/
The whole situation can be pretty nerve wrecking not knowing if the forum will be gone by the time you wake up the next morning.
So I made a post about it here and @tenants answered. Now the "fix" may not be for everyone, especially if you move around or travel a lot. But if you find yourself using your forum at just 1 or 2 locations then this add-on that @tenants made for me may be of help to you.
Check it out here:
http://xenforo.com/community/resources/xenloginsecurity-ip-address-account-login-security.1194/
Similar threads
- Question
