Confused about admin pwd reset error

Hi everyone,

I'm finally finding some time to work on our new D7 installation. Had it set up by AntonLV professionally so everything should be A-Okay. After logging in I immediately spotted the "change password" option for the admin ... clicked on it ... entered the old password ... followed by adding the new password - and a repeat of the new password ... only to receive a message that stated that there's an error with the new password ... ??? Huh, how can that be? I used more than 5 characters ....

Okay, I have no idea what "special criteria" is being requested of me, but I went ahead and tried 4 different variations, ranging from long to short passwords, with and without special characters. Each time I'd receive the same error message.

What I find very irritating about this is that the change password option was basically right in my face to notice, almost like an implication that if someone set up dolphin for you with an eazy peazy admin password, then perhaps making such a change would be a good idea ??? until you actually try it. Well, did a little searching in the forum and came up with this link here:

http://www.boonex.com/unity/forums/topic/Reset-Admin-Password.htm

Which prompts 2 questions: 1. What's the purpose of the change admin password option in the admin dashboard if it won't work? And 2. Is there no other way around this than having to access the SQL db every time that you want to change the admin password? I'd really appreciate it if someone could shed some light on this subject since I'd really like to use an easier/quicker method to change my passwords. Thank you.

Greetings from Florida! (Yeah, we moved back to the USA last month).

Quote · 23 Mar 2010

I recall numerous posts about this feature not working, which leads me to believe that it's a remnant of Dolphin 6.1, and it no longer works. Dolphin 7.0 now has the administrator account registered as an actual member, so I suggest you try to change your password the proper way, by navigating to your account on the web site and changing it like any other member would.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 23 Mar 2010

Thanks, Magnussoft.

But doesn't that mean that I can no longer run my admin account separately from my user account if I only wish to have one user account? Seems to me that that would be a higher security risk as a user account would presumably be easier to hack into than an admin account, no? My video site for instance, hides user PWDs only three levels deep, whereas the admin is hidden five levels deep. Hmmm, so the entire D7 site is running at the same level of security for all users, regardless if Standard, Admin, whatever ... ???

Quote · 23 Mar 2010

I fail to see a security risk. If you like, you can suspend your administrator account (done from the account dashboard), which will make it inaccessible from other people, except yourself. Once done, you can just create a new account and have it act as your normal account.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 23 Mar 2010

Well, the security risk lies in the fact that many people who install applications for others online tend to do certain things that are common knowledge to hackers. For example, everyone uses "admin" as the user login for an application administrator. Wow, now how hard is that to figure out? Then, even worse, to make first-time administration easier on the new user, many installers choose nifty easy-to-remember passwords like .... accessnow ... or even worse (in my case). D7 is supposed to be the ultimate community software with zillions of features, addons, plugins, third-party apps, and the ability to retain tens of thousands of users. Well, you'd think that admin account security would be considered as a top, separate priority for such a phenomenal product. D7 is the first application that I've had in the past 12 - 15 years where admin and user security levels are shared alike. This makes me wonder ....

Is the security in D7 really so hot that it doesn't matter if access security is equal for everyone? (GOOD, IF SO)

Or, is D7 security just average all around which would then imply a greater risk to hackers for admin accounts? (BAD NEWS)

I'm actually a bit surprised that I'm the only one who seems to be concerned about this issue. Hackers are on the news every day for hacking into systems and a lot of them practice on community, game, and other sites before trying the big league ... like government sites or financial institutions.

Quote · 24 Mar 2010