I have searched for something like this but have not been able to find exactly what I am looking for.
I am trying to protect my admin account. My concern, which is most likely an edge case but possible nevertheless, is that someone could keep trying my admin account username (visible because I use it to post user guides etc.) and lock me out by simply trying it several times. I know this won’t lock me out permanently, but I would like to avoid this altogether.
Will enabling 2FA prevent this?
Also, as a best practice, should I have both a moderator account for myself to moderate the forum, and an admin account to do everything admin related?
I think my confusion stems from the fact that when I first set up the forum, ‘system’ was the account that did everything and when I would post messages it would come from system.
If anyone was going to try to log in as you, they would have to know the email address you used when you set up your account. IF you forgot your password, they would also have to have access to your email account to receive a password reset… if the reset is even possible.
Do you log out as administrator? If not, every time you go to your forum, your IP address and cookie are recognized and you are logged in automatically. If you do log out, that’s when you have have to log back in using your email address (used at creating your forum) and password.
From your description, you are concerned of a potential situation happening and not something that has actually happened?
Regarding having a seperate moderator and an Admin account: Unless you also make the mod account an Admin, as a moderator you will not be able to access the Admin functions. I am an Admin but don’t have a separate Mod account. I do have one Mod whom I trust that I also made an Admin… but she doesn’t mess with any Admin duties (afraid to mess up the forum? ). But should something happen to me - although I plan on living to 102 so I have 35 years to go - this Mod can take over. My other Mod is “just a Mod”.
The ‘system’ is the forum software. When you set up your forum you did set up an account for yourself, didn’t you? It seems that would be a requirement. When you post something, it should show it as being posted by you and not by the system. It seems strange that you posts would be shown as “system” and not from your username.