New Admin changes his Password: Security Risk?

  • bmw2020

    (@bmw2020)


    7 years, 6 months ago

    Hello,

    I needed to create a new User to allow a new webmaster to do work on my site. I created a new Admin, created a password, had those sent to him, then some days later I got a Securi notice saying that his Admin password was changed. He did this, not I, which means he has an Admin password that I do not know.

    Is this dangerous? I still have the power to delete his access to my site, should I deem it necessary, by simply deleting him as an Admin User, correct?

Viewing 3 replies - 1 through 3 (of 3 total)
  • catacaustic

    (@catacaustic)

    7 years, 6 months ago

    There’s no issue whatsoever with you not knowing the other password. You can delete the other user at any time.

    The only possilbe issue is that the new admin can also delete your account too – but no semi-reputable web developer would even think of doing this. To guard against that all you need to do is keep a database backup that can be restored if anything does happen. But… you should be keeping backups anyway. 🙂

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    7 years, 6 months ago

    New Admin changes his Password: Security Risk?

    No.

    *Drinks coffee*

    Your account is an admin level and as already written above, you do not need to know anyone else’s password. If you don’t trust the other user then don’t make them an admin.

    Thread Starter bmw2020

    (@bmw2020)

    7 years, 6 months ago

    Yes, I do keep backups. I’m almost certain I’ll never need a backup for this reason though. Thanks for your replies. 🙂

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘New Admin changes his Password: Security Risk?’ is closed to new replies.