Security in family accounts
hi,
if a normal user has "admin rights" for the family account, i.e. he is able to manage the masteruser_account from his own account, this normal user can actually reset the password for the masteruser-account --> effectively taking over the complete family with all email accounts! I tried to avoid this by making the masteruser_account "private", but that seems to be broken? I tried different ways but it seems impossible to make the masteruser "private". Even if it would work: I am afraid the "reset password" option would still be available...?
For a while I tried to get around this problem by using alternative logins with restricted access for my normal user, but then I cannot delete attachments from emails (which I do regularly), so that is not an option for me. If I log into my normal user with an alternative login with full access, I can manage the family and the security problem mentioned above is real.
The only workaround right now: I decided to remove "admin rights" from all normal accounts, now I can only "manage" the family by explicitely logging in with my masteruser-account (and I am using an alternative login with full access here as well to protect my real (very complicated) masteruser_password).
Basically this means that the "admin rights" feature, which allows normal users to manage the family, is too dangerous to use.
Or am I missing something?
|