L |
aka Geek Girl |
Currently the personal and personal plus licenses limit accounts to 1 and 2 respectively. This includes the SINGLE admin account. These licenses are intended for personal OR small business use and not for reselling. That makes sense, and the license fees are reasonable for the intended uses. HOWEVER, even in a small business, there needs to be >1 person (number depends on the size of the business) with admin access to all business critical services so if that admin gets hit by a bus, someone else can keep the business services running. That is simply good business practice.
As is, the DirectAdmin licensing policy discourages users from following cybersecurity best practices. By including admin accounts in the limits (of only 1 or 2 users), the policy encourages the sharing of administrative account login credentials and discourages the use of 2FA. That is, for a team of 3 admins to use DirectAdmin under one of these licenses, they would all have to share the same admin account, and since 2FA is tied to a specific device (and 3 users cannot have the same physical device), then 2FA must be disabled in this scenario. Every administrator should have their own account which can be monitored/audited. Furthermore, it is well understood today that password-only authentication is DANGEROUS and easily breached and that 2FA (while not perfect) should be used everywhere possible.
I'm requesting that these licenses support a reasonable number of admin accounts (at least 3) and a limited number of normal user accounts. Personal could support zero non-admin accounts and personal plus could support one non-admin account (as they do now). This would meet the goal of the licenses which is that they be used for small businesses but not be used by big resellers while supporting the use of good cybersecurity practices.
Thank you.