DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Force Username for Administration

More
26 Nov 2009 11:35 #59038 by spenm
Force Username for Administration was created by spenm
Does anyone know if you can rename the admin user to something else. Sorry, just realised you don't need to type a username but just a password!! Ok, lets change this to, Can anyone tell me if I can force a username to be used rather than leaving it blank. I allow management from the internet of my device and I'm quite keen on changing the defaults.

Please Log in or Create an account to join the conversation.

More
26 Nov 2009 12:21 #59041 by admin
Replied by admin on topic Force Username for Administration
You can't, but why does it matter ?



Forum Administrator

Please Log in or Create an account to join the conversation.

More
29 Nov 2009 17:32 #59089 by mordorf
Replied by mordorf on topic Force Username for Administration

admin wrote: You can't, but why does it matter ?



That is a very worrying question/response from an Admin of this forum!
Tell you what, why not do away with all usernames and passwords altogether!! Lets face it there really are no hackers out there trying to gain access to any connected device, why should there be!?

Seriously though, a non standard username and password has just got to be more secure than just a password, security is all about layers, the more layers the more secure.

I think that forcing a username is a very reasonable request as is a customisable username so +1 from me.

Please Log in or Create an account to join the conversation.

More
29 Nov 2009 19:50 #59091 by spence
Replied by spence on topic Force Username for Administration

admin wrote: You can't, but why does it matter ?



That's why with the current crop of Windows Servers, installation asks you for an administrator name and advises you NOT to use Administrator.

Next you'll be advising 123456 as the password.

Please Log in or Create an account to join the conversation.

More
30 Nov 2009 08:38 #59100 by admin
Replied by admin on topic Force Username for Administration

Mordorf wrote:

admin wrote: You can't, but why does it matter ?



That is a very worrying question/response from an Admin of this forum!......Seriously though, a non standard username and password has just got to be more secure than just a password, security is all about layers, the more layers the more secure



Well, that could be considered rude, but I'll put my thick skin on for a moment at least so I can win an argument :-)

You're quite right, the more layers, the more secure....but you're not talkin about layers. Think about what you've said if you still think that username+password is more secure than password in this scenario, confirm that you don't understand , and I'll explain why you're wrong... :-)

Clarification : A changeable username could be useful, but for other reasons.



Forum Administrator

Please Log in or Create an account to join the conversation.

More
30 Nov 2009 09:34 #59101 by mordorf
Replied by mordorf on topic Force Username for Administration
I am a security expert that makes a living out of IT security. A non standard username and password IS more secure than just a password. Anyone that thinks otherwise isn't firing on all cylinders! But go ahead and enlighten me, if I'm wrong I'll apologise in full.
I suppose you are going to say that because the username is shown when entering it someone could shoulder surf to discover the username but the same can be said for passwords. Like I said, layers, more is better and a username is most definately a layer. It's a pair thing, the password must match the username and the username must match the password. If only a password is required then the hacker only has to discover one piece of information.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami