• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Block of password manager

D

D@ve

Guest
Hi,
Why does plesk block the password manager of the browser? This is quite a lack of security. I have massive problems with customers choosing very simple passwords which can be exposed by a simple dictionary attack, sticking it per postit on ther LCD...
And I for my self have the same problem. I normaly use 12 digit randomized passwords with numbers/camelCase/special chars etc. Since plesk is a tool I'm daily working with, these password strength is not practicable with plesk without a password manager.

I can't understand how a high level software like Plesk has such a design flaw.

Regards, Dave

PS: I'm relativley new to plesk (former used confixx). I'm sorry if I missed the option in the config area how to deactivate this.
 
Hello Dave,

Many would consider browser password cache same insecure as a sticker on LCD. This problem was reported to us a security concern many times. I would recommend to use password generator which produces random yet easy-to-remember password, or perhaps use more advanced password manager like LastPass, which doesn't store your password (master password concept is used), yet can put in Plesk login form.

Regards
 
Sergey L said:
Hello Dave,
Many would consider browser password cache same insecure as a sticker on LCD. This problem was reported to us a security concern many times. I would recommend to use password generator which produces random yet easy-to-remember password, or perhaps use more advanced password manager like LastPass, which doesn't store your password (master password concept is used), yet can put in Plesk login form.
Click to expand...

Please no This-is-not-a-bug-its-a-feature-discussion. This IS a problem in design.

You can't force the security messures to the user if it is to complicated. You always need a balance between security and simplicity. And for ME it maybe okay to use an additional password manager but not for the normal end user. They WILL use a simple password.

Many would consider browser password cache same insecure as a sticker on LCD.
Click to expand...
Consider what is more insecure, the browser cache, or a simple password like "admin".

This problem was reported to us a security concern many times.
Click to expand...
ÃŒf this problem was reported many times: Please act accordingly and make this "feature" optional.

Plesk is beeing used as a negative example ("don't do it that way") for inffective security measures in our lecture at university (security for developers). THAT alone should give you some food for thought.

It's really annoying.
 
You must log in or register to reply here.

Similar threads

R
Question DKIM signing password reset emails
Replies
2
Views
378
redactie_uvw
R
B
Issue Password strength policy displayed to users does not match the one chosen by admin
Replies
0
Views
1K
blipp
B
B
Forwarded to devs Wordpress toolkit - odd behavior: Change of preferred domain triggers password change and makes admin interface inaccessible
Replies
2
Views
2K
IgorG
IgorG
C
Resolved backup manager password lost
Replies
3
Views
3K
christian
C
Pedro Cavaleiro
Question Block user file upload
Replies
1
Views
2K
Bitpalast
Bitpalast
Back
Top