• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Plesk Term Passwords

Ahmet CAVUSOGLU

Ahmet CAVUSOGLU

New Pleskian
Server operating system version
Ubuntu 20 LTS
Plesk version and microupdate number
18.0.50
Hello, is there a system in Plesk Panel that obliges users to change their passwords such as e-mail, panel?
 
There is not forced password change in Plesk. If you believe that this would be an important feature, please vote for any of these feature requests:
plesk.uservoice.com

Force password reset email users

It would be VERY helpful in a security sense to force a password change whom use emails services (via roundcube). So if I have 100 users who do not access the panel, but simply have email, they would be forced to change passwords every 30 days?
plesk.uservoice.com
plesk.uservoice.com

Block users from re-using old password, especially for mailboxes

System could remember a certain number of old passwords (admin configurable) and prevent user from selecting these again. Have had more cases than I'd like to admit where customer re-used a previously compromised password. If Plesk remembered the last x passwords used by that account it...
plesk.uservoice.com
If you would like to see a forced password update term for the panel login, please create a new feature request. However, I remember that research has shown that such forced password updates are useless in terms of security. Don't remember the source though.
 
Thank you for your support Peter, the topic you mentioned is important I will keep in mind. If there is the situation you mentioned, it would be appropriate to increase the difficulty of the password instead of renewing the password. Please correct me if I'm wrong. In my opinion, in the case of a continuous attack, part of the password will be decrypted in a certain time.
 
You are right that it is easy to decrypt passwords today, even longer onces, because a lot of computing power is available from some graphics adapters. But when you have Fail2Ban activated in Plesk, this will stop attackers after very few attempts (configurable), so there is no way that brute-forcing can succeed against a Plesk panel.
 
You must log in or register to reply here.

Similar threads

predmijat
Resolved Restored from backup, but new passwords set
Replies
4
Views
532
predmijat
predmijat
R
Question DKIM signing password reset emails
Replies
2
Views
378
redactie_uvw
R
F
Issue Adding another Database Server without knowing the admin password
Replies
11
Views
775
Kaspar
K
J
Issue Plesk's authentication driver for dovecot is trying to write to the email accounts password file
Replies
5
Views
549
John Calvert
J
andreios
Issue HTTP/3 enable for panel redirects to localhost when changing E-Mail password
Replies
7
Views
1K
ChrisMonder
ChrisMonder
Back
Top