Security Issue

[AlternativeNick 0]

Hey all, i think this is a major problem.it costs 10 credits to change youre cpanel password.What is up with that? if someones password is compromised, and they dont have the credits, it could take a while for them to get the credits high enough to change it, and in that time its very possible that someone could take advantage of the site/cpanel etc.I really think this should be changed, if anything make it cost 1 credit, because im sure everyone has that.Personally, i have a hard time posting on forums (i cant usually think of anything to say) so my credits are almost always below 10.Anyways, im just saying, for the sake of safety, it shouldnt cost that much to change youre password, being able to change passwords in a flash is very important if you ask me

[BuffaloHelp 24]

There's also a disadvantage of allowing changing cPanel password in a flash... what if someone has the access of seeing your forum password? Without you knowing a password can be changed to both accounts--the forum and your cPanel.

 

Allowing credits to be used serves as a buffer if your cPanel password needs to be changed other than you. If you have only 9 credits, someone else cannot change your cPanel password immediately unless gaining additional credits needed.

 

But before we discuss what ifs... let's discuss about preventing it from happening in the first place.

 

You can change your cPanel without any hosting credits. This is done through your cPanel. So the very first step is to protect and complicate your password to your cPanel. Mix numbers and letters. Make it longer than 6 characters (128 is max). Make sure you do not have keylogger or spyware in your computer used to access your cPanel. Do not, I repeat, do not use public computer that you do not use often to access your cpanel or FTP. They may be infected with who knows what.

 

If you are still worried about cPanel being compromised, change your password often. When you change your cPanel password, change your forum password as well. Email both passwords to your "secure" email address OR memorize them. Do not write it down. If you have to write it down, chances are you will forget them.

 

Protect your password.

Don't write down your password - memorize it. In particular, don't write it down and leave it lying around where people can see it, and don't place it in an unencrypted file! Use unrelated passwords for systems controlled by different organizations. Don't give or share your password, in particular not to someone claiming to be from computer support or a vendor unless you are sure that are who they say they are. Don't let anyone watch you enter your password. Don't enter your password at a computer or to a site you don't trust. Use the password for a limited time and change it periodically.

 

Choose a hard-to-guess password that includes a variety of letters, numbers and special characters.

passwd will try to prevent you from choosing a really bad password, but it isn't foolproof; create your password wisely. Don't use something you'd find in a dictionary (in any language or jargon). Don't use a name (including that of a spouse, parent, child, pet, fantasy character, famous person, and location) or any variation of your per- sonal or account name. Don't use accessible information about you (such as your phone number, license plate, or social security number) or your environment. Don't use a birthday or a simple pattern (such as backwards, followed by a digit, or preceded by a digit. Instead, use a mixture of upper and lower case letters, as well as digits or punctuation. When choosing a new password, make sure it's unrelated to any previous password. Use long passwords (say 8 characters long). You might use a word pair with punctuation inserted, a passphrase (an understandable sequence of words), or the first letter of each word in a passphrase.

[AlternativeNick 0]

oh, sorry about this then :rolleyes:i wasnt aware that you could change youre cpanel password within cpanel :)thanks.