Feature request: seperate passwords

oliverb · ‎02-08-2007

This is something I've been thinking about for some time.
At present most plusnet features are authenticated using the account username and password. While at first glance this is very convenient it can also be a security risk, particularly when the admin password for the entire account is also being used as ... say ... ftp password, also the email password, (ASMTP?) and dial-up password.
I'd like to have the option to have these functions performed by different authentication so that a password that's routinely stored on multiple computers cannot be used to tamper with the account settings.
Rather than add another level of passwords one solution might be for the account holder to select a mailbox as being "responsible" for a given function, then that mailbox password could be used.
I look after a business account and for years I didn't really worry, its only late last year that I had to change the main password, but for some time I'd been aware that ftp was relatively insecure.

Ianwild · ‎05-04-2007

That sounds like a good idea for a feature, but It's a huge piece of work and not one I can see us being able to implement easily.
If there was general demand, we could maybe have two things:
- Different settable password for FTP (like we have with CGI and the new Voip system already).
- A roaming option whereby access to all of our services are locked down to your own connection unless you activate, which would make the services globally accessible. This would make the default a lot more secure for most customers and prevent things like random dictionary attacks against ASMTP.
Using mailbox passwords, technically speaking, isn't really an option I don't think but security is always a concern and if there was more we could do without causing a lot more inconvenience we should certainly take a look at it.
Ian

Feature request: seperate passwords

Feature request: seperate passwords

Re: Feature request: seperate passwords