Disable Default Admin or Setup 2FA
-
is there is any way of either activate 2FA on default Admin user or could disable it?
-
Hello,
Indeed, there must be at least one local admin account, with the purpose of ensuring access is still possible even if the OIDC server becomes unavailable.
If the goal is to secure access, @nebulon 's suggestion (a strong unique password) is the right one.
-
N nebulon marked this topic as a question on
-
N nebulon has marked this topic as solved on
-
Hello,
Indeed, there must be at least one local admin account, with the purpose of ensuring access is still possible even if the OIDC server becomes unavailable.
If the goal is to secure access, @nebulon 's suggestion (a strong unique password) is the right one.
@jypelle is their is autoblock account option exist after certain number of wrong password attempt??
-
No, but there is at least a one-second delay between each attempt.
Let's imagine a bot attempting to log in with a different password every second. In 5 years, it would have time to test 5x365x24x3600 = 1.5x10^8 combinations.
Now, if you choose a password of only 10 characters from [a-zA-Z0-9], that gives 8.4x10^17 combinations.
Before the bot finds your password, you have at least a few million years ahead of you...
-
Lollzz thanks
-
@DualOSWinWiz With release 1.17.0, there is now a 5-second delay between failed login attempts.
