Security for admin accounts

[xeanyngoat]

Hi there,

I cant post here: http://xenforo.com/community/threads/forum-security-admin-account.63439/ so started this thread. Thought it would be more secure to have a different display name to the login name (at least for admin accounts) for the extra protection, similar to WordPress. Seems a bit odd to me that straight out of the box someone only needs to guess a password for an admin account.

Cheers.

 

[Paul B]

The reason you can't post in that thread is because you haven't associated your forum user name with your license.

How do you know which are admin accounts?

If the site owner so wishes, they can remove the first account as an admin account and set up a new one.

So then you would have to guess the account and the password.

Not to mention defeating the .htaccess password/IP auth on the ACP log in.

 

[xeanyngoat]

The reason you can't post in that thread is because you haven't associated your forum user name with your license.

Thanks

How do you know which are admin accounts?

On some sites it would be pretty easy to figure out who the admins are because they would be the ones doing all the 'butt kicking', I guess

If the site owner so wishes, they can remove the first account as an admin account and set up a new one.

Does this mean use a different account to do the posting with?

I still think a useful solution is to allow different username to display name My thoughts.

 

[Newt]

I think what you're looking for is pretty well explained here. Makes the user.1 Super Admin account no longer as exposed. Now the admin.php file can still be targeted, hence the .htaccess protection which adds a security layer.