Facebook
Twitter
Ahmet CAVUSOGLU
New Pleskian
- Server operating system version
- Ubuntu 20 LTS
- Plesk version and microupdate number
- 18.0.50
Hello, is there a system in Plesk Panel that obliges users to change their passwords such as e-mail, panel?
-
Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring. We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design. If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
-
Our UX team believes in the in the power of direct feedback and would like to invite you to participate in interviews, tests, and surveys.
To stay in the loop and never miss an opportunity to share your thoughts, please subscribe to our UX research program. If you were previously part of the Plesk UX research program, please re-subscribe to continue receiving our invitations. -
The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
Question Plesk Term Passwords
- Thread starter Ahmet CAVUSOGLU
- Start date
-
- Tags
- term passwords
There is not forced password change in Plesk. If you believe that this would be an important feature, please vote for any of these feature requests:
If you would like to see a forced password update term for the panel login, please create a new feature request. However, I remember that research has shown that such forced password updates are useless in terms of security. Don't remember the source though.
Force password reset email users
It would be VERY helpful in a security sense to force a password change whom use emails services (via roundcube). So if I have 100 users who do not access the panel, but simply have email, they would be forced to change passwords every 30 days?
plesk.uservoice.com
Block users from re-using old password, especially for mailboxes
System could remember a certain number of old passwords (admin configurable) and prevent user from selecting these again. Have had more cases than I'd like to admit where customer re-used a previously compromised password. If Plesk remembered the last x passwords used by that account it...
plesk.uservoice.com
Ahmet CAVUSOGLU
New Pleskian
Thank you for your support Peter, the topic you mentioned is important I will keep in mind. If there is the situation you mentioned, it would be appropriate to increase the difficulty of the password instead of renewing the password. Please correct me if I'm wrong. In my opinion, in the case of a continuous attack, part of the password will be decrypted in a certain time.
You are right that it is easy to decrypt passwords today, even longer onces, because a lot of computing power is available from some graphics adapters. But when you have Fail2Ban activated in Plesk, this will stop attackers after very few attempts (configurable), so there is no way that brute-forcing can succeed against a Plesk panel.
Obligatory XKCD: Password Strength
