Different Admin Password for ACP

https://www.phpbb.com/ideas/
Ideas Bot
Registered User
Posts: 437
Joined: Sat Oct 13, 2012 10:06 am

Different Admin Password for ACP

Post by Ideas Bot » Sat Sep 23, 2017 7:18 am

Currently an Admin only has one password that will allow access to both the "front end" and the ACP. If that password is compromised in any way (possibly by a rogue extension) then the "hacker" could have access to the ACP.

By having a separate password for the ACP then the level of security would be increased for the board.

There would need to be checks in place that the two passwords were different and also that they were not similar - "admin" and "admin1" for example should not be allowed.

Post by tojag » Sat Sep 23, 2017 3:46 pm

And... enforcing password change for the admin or group only, not for all users.

Post by AmigoJack » Tue Oct 17, 2017 7:45 am

david63 wrote: the level of security would be increased for the board
No: having two passwords for one account would cut the security in half, as then only one of both has to be found. Why not use an administrator account just for that and a separate account for being a board member?
david63 wrote: also that they were not similar - "admin" and "admin1"
This is not possible, as only password hashes are stored - and comparing hashes won't show how similar their sources are.

Post by david63 » Tue Oct 17, 2017 9:15 am

AmigoJack wrote:
Tue Oct 17, 2017 7:45 am
having two passwords for one account would cut the security in half, as then only one of both has to be found
Incorrect - if you have a different password for the ACP to the one you are using to log on with, then you are doubling the security, as both passwords would have to be found.
AmigoJack wrote:
Tue Oct 17, 2017 7:45 am
This is not possible, as only passwords hashes are stored - and comparing hashes won't show how similar their source is.
But it would be possible if it was checked on install and if you were changing the ACP password you also had to enter them both.

Post by AmigoJack » Tue Oct 17, 2017 2:11 pm

This implies that changing the "normal" password would also need me to enter the "ACP" password in order to see if it's not too similar. But this time it's outside the ACP, which in turn exposes them both to the same danger of being captured.
Post by Highgirl » Sat Dec 09, 2017 6:22 pm

I don't really understand the benefits; it makes management more complicated.

Post by david63 » Sat Dec 09, 2017 6:52 pm

Highgirl wrote:
Sat Dec 09, 2017 6:22 pm
I don't really understand the benefits; it makes management more complicated.
It does not make management any different - you have to enter a password to get to the ACP, it will just be a different password.

The advantage is that if your "front end" password is compromised then you will still have security to the "back end".

Post by warmweer » Tue Jan 02, 2018 11:02 pm

david63 wrote:
Sat Dec 09, 2017 6:52 pm
...
The advantage is that if your "front end" password is compromised then you will still have security to the "back end"
I'm not convinced.
If your login password is compromised then the "hacker" can change the email and thus lock you out. And unless the second password can't be changed without first logging into the ACP, that second password can be changed by the "hacker", in which case ACP access is doomed (luckily you still have database access, so all is not lost).
That would be a NO from me, unless I'm missing (a lot of) things.

Post by Ger » Wed Feb 07, 2018 12:50 pm

david63 wrote:
Sat Dec 09, 2017 6:52 pm
It does not make management any different - you have to enter a password to get to the ACP, it will just be a different password.

The advantage is that if your "front end" password is compromised then you will still have security to the "back end"
Wouldn't it be better to use a two-factor approach, like sending an SMS?

A rogue extension would as easily compromise a second (ACP) password as a regular one I'd say. Principle would be the same, just the event would be different.

The best security comes from the combination of needing some secret you know (password) and something unique you have (like a phone).
Post by Bermudez » Fri Feb 16, 2018 9:04 pm

Ger wrote:
Wed Feb 07, 2018 12:50 pm
david63 wrote:
Sat Dec 09, 2017 6:52 pm
It does not make management any different - you have to enter a password to get to the ACP, it will just be a different password.

The advantage is that if your "front end" password is compromised then you will still have security to the "back end"
Wouldn't it be better to use a two-factor approach, like sending an SMS?

A rogue extension would as easily compromise a second (ACP) password as a regular one I'd say. Principle would be the same, just the event would be different.

The best security comes from the combination of needing some secret you know (password) and something unique you have (like a phone).
+1

Post by tojag » Sun Feb 18, 2018 6:52 pm

Gentlemen, vote for my idea of introducing 2FA. This solution is really needed nowadays.
viewtopic.php?f=436&t=2438306
Thanks!

Post by warmweer » Sun Feb 18, 2018 9:03 pm

tojag wrote:
Sun Feb 18, 2018 6:52 pm
Gentlemen, vote for my idea of introducing 2FA. This solution is really needed nowadays.
viewtopic.php?f=436&t=2438306
Thanks!
Care to expand on what 2FA involves?
If it implies a verification code being necessary and sent by SMS ... a NO GO from me.
And whatever method is used, I second that it should be optional and not enforced.

Post by tojag » Sun Feb 18, 2018 9:36 pm

It should be an option in the UCP, and a global on/off in the ACP. Google Authenticator would be enough.
Of course it can be an extension, but built into the core would be better, because it ensures that it will always work in new versions of phpBB.
Paul developed an extension but it has bugs and probably crashes 3.2.2: viewtopic.php?f=456&t=2341856
If it were a good, official extension, it would be OK.

Post by Mick » Mon Feb 19, 2018 10:00 am

tojag wrote:
Sun Feb 18, 2018 6:52 pm
vote for my idea of introducing 2FA
Please stay on topic, keep to your own idea(s) unless you’ve got something positive to add. Campaigning for your own idea(s) in someone else’s is frowned upon.
Post by Scanialady » Wed Mar 07, 2018 1:00 pm

It is easy to create an entry in .htaccess and a password file .htpasswd outside public_html for basic authentication, to get a second password for the ACP. Maybe you can do it with your provider's management console.
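What the post above describes, written out as an added example (not from the thread or the phpBB project): an Apache basic-auth gate in front of the ACP directory, which phpBB keeps under adm/ by default. The password-file path is a placeholder; only the web server reads it, and the board's own login code never handles this credential.

```apache
# adm/.htaccess  (added example; protects the ACP directory only,
# the rest of the board stays reachable with the normal phpBB login)
AuthType Basic
AuthName "Administration Control Panel"

# Keep the password file OUTSIDE the document root so it is never served.
# Placeholder path: adjust to a directory above public_html.
AuthUserFile /home/example/private/.htpasswd

Require valid-user

# Create the file once, with a bcrypt hash (-B) rather than the default
# MD5-based hash; "acp_admin" is a constructed user name:
#   htpasswd -cB /home/example/private/.htpasswd acp_admin
```

Because the check happens in the web server before any PHP runs, this credential cannot be changed through the board by someone holding only the front-end password, which answers the "hacker changes the second password" objection raised earlier in the thread. With mod_php the hash file is still readable by the same process that runs extensions, so use a bcrypt hash and a long passphrase rather than relying on the file staying secret.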
