We Need Better Security

Avatar
  • Answered
When is Inmotion going to improve security for account and cpanel access? I can't protect my main account with anything better than a good password.

I can force the user of strong passwords and two-factor authentication on my clients WordPress sites, but there's nothing at all to prevent a client from setting their cpanel account to use password1234, and no way to set anything stronger than a simple password.
Avatar
Scott
Hello billsmithem,

Thank you for your question on server security. Passwords must be of a specific strength in order to be used. Passwords are the responsibility of the person who sets them. Unfortunately, some silly passwords can be created and thus passed by fairly quickly. SSH has to use keys, so without those, it is not possible to access the account. FTP uses IP verification as well as a username and password.

VPS and Dedicated servers have the ability to enable two-factor authentication for cPanel. That is just not enabled for shared servers as many do not want it.

The vast majority of hacks and entry are through software vulnerabilities and, of course, weak passwords. Both of those are in the cPanel user's responsibility. Server hacks are extremely rare due to network countermeasures.

Kindest Regards,
Scott M