EmailDiscussions.com - View Single Post

Lesslame · 4 Dec 2013, 04:41 PM

hi,

if a normal user has "admin rights" for the family account, i.e. he is able to manage the masteruser_account from his own account, this normal user can actually reset the password for the masteruser-account --> effectively taking over the complete family with all email accounts! I tried to avoid this by making the masteruser_account "private", but that seems to be broken? I tried different ways but it seems impossible to make the masteruser "private". Even if it would work: I am afraid the "reset password" option would still be available...?

For a while I tried to get around this problem by using alternative logins with restricted access for my normal user, but then I cannot delete attachments from emails (which I do regularly), so that is not an option for me. If I log into my normal user with an alternative login with full access, I can manage the family and the security problem mentioned above is real.

The only workaround right now: I decided to remove "admin rights" from all normal accounts, now I can only "manage" the family by explicitely logging in with my masteruser-account (and I am using an alternative login with full access here as well to protect my real (very complicated) masteruser_password).

Basically this means that the "admin rights" feature, which allows normal users to manage the family, is too dangerous to use.

Or am I missing something?

4 Dec 2013, 04:41 PM	#1
Lesslame Junior Member Join Date: Aug 2007 Posts: 9	Security in family accounts hi, if a normal user has "admin rights" for the family account, i.e. he is able to manage the masteruser_account from his own account, this normal user can actually reset the password for the masteruser-account --> effectively taking over the complete family with all email accounts! I tried to avoid this by making the masteruser_account "private", but that seems to be broken? I tried different ways but it seems impossible to make the masteruser "private". Even if it would work: I am afraid the "reset password" option would still be available...? For a while I tried to get around this problem by using alternative logins with restricted access for my normal user, but then I cannot delete attachments from emails (which I do regularly), so that is not an option for me. If I log into my normal user with an alternative login with full access, I can manage the family and the security problem mentioned above is real. The only workaround right now: I decided to remove "admin rights" from all normal accounts, now I can only "manage" the family by explicitely logging in with my masteruser-account (and I am using an alternative login with full access here as well to protect my real (very complicated) masteruser_password). Basically this means that the "admin rights" feature, which allows normal users to manage the family, is too dangerous to use. Or am I missing something?