Configuration Console does not easily support complex password initialisation and username customisation #544

@ghost

Description

For security I use 32 character random usernames and 64 character random passwords. If you have looked at the power of modern hash-table-based password crackers (e.g. https://crackstation.net/), the days of simple usernames and semi-long random passwords are dead.

It is painful to try to enter a very long random password one character at a time via the Configuration Console in a LAMP stack initialisation with confirmation for VM, MySQL AND WordPress!

You can currently enter a short password as a placeholder then go back and change them all at the Linux and application level but that breaks from the TKLX tradition of being reasonably simple for the less sophisticated user base. There is also no means to change the username within the configuration console wizard flow.

If the Configuration Console supported cut & paste this would be greatly simplified. NOTE: I use PuTTY, which supports cut & paste at the command-line level, so I would think this would be technically feasible... wouldn't it?

A simpler and more useful solution might be for the Configuration Console to add a password-length checkbox and a random character generator and just generate the new password.

An even better enhancement is for the Configuration Console to offer the option to change the username as well and with the same password-length checkbox and random character generator option.

On a WordPress appliance, for example, you can't have an "admin" account because it will be probed up to a few hundred times a day by cracking robots and if you have an "admin" account it will get a focused attack at some point and will break. Firewalls are of no use because the crackers are randomising the IP addresses out of a huge pool and cycling them every 9-10 attempts. You can't rename a WordPress admin account so the current post-install process is to add a new "scramblednameadminuser" with admin rights, then log out as the old admin, log in as the new admin and delete the old admin. This is a manual post-install step that is unlikely to be done by the less technically sophisticated TKLX audience but should be.

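As an added illustration of the generator this issue asks for (example code written here, not part of the issue or of the TurnKey Configuration Console project), the script below produces a random login name and a random password of configurable length from the OS CSPRNG, and reports how many bits of entropy each carries so the difference between a short placeholder password and a 64-character one is visible. The alphabets, the 32-character default for usernames (Linux and MySQL both cap login names at 32 characters), the 64-character default for passwords and the small symbol set are assumptions chosen for the example.

```python
import math
import secrets
import string

# Alphabet for generated credentials (a constructed choice for this example):
# letters and digits paste cleanly into shell prompts and web forms.
ALNUM = string.ascii_letters + string.digits
# Small symbol set assumed to be accepted by MySQL and WordPress setup prompts
# without quoting trouble (assumption for this example).
PASSWORD_SYMBOLS = "!#%+-=?@_"


def generate_secret(length: int, alphabet: str = ALNUM) -> str:
    """Return `length` characters drawn uniformly from `alphabet`.

    secrets.choice uses the operating system CSPRNG, unlike random.choice,
    which is seeded from a predictable state and must not be used for secrets.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_username(length: int = 32) -> str:
    """Random lowercase login name that starts with a letter.

    Starting with a letter keeps the name valid for Linux accounts, MySQL
    users and WordPress logins; 32 characters is the Linux/MySQL limit.
    """
    if not 1 <= length <= 32:
        raise ValueError("username length must be between 1 and 32")
    first = secrets.choice(string.ascii_lowercase)
    rest = string.ascii_lowercase + string.digits
    return first + (generate_secret(length - 1, rest) if length > 1 else "")


def generate_password(length: int = 64, symbols: bool = True) -> str:
    """Random password containing at least one lower, upper and digit
    (and one symbol when `symbols` is set) so it passes common policy checks.

    Drawing the whole string uniformly and rejecting candidates that miss a
    class keeps every accepted password equally likely within the accepted set.
    """
    classes_needed = 4 if symbols else 3
    if length < classes_needed:
        raise ValueError(f"length must be at least {classes_needed}")
    alphabet = ALNUM + (PASSWORD_SYMBOLS if symbols else "")
    while True:
        pw = generate_secret(length, alphabet)
        if (any(c.islower() for c in pw)
                and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and (not symbols or any(c in PASSWORD_SYMBOLS for c in pw))):
            return pw


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy of a uniformly random string: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    user = generate_username()
    pw = generate_password()
    print("username:", user, f"({entropy_bits(31, 36) + math.log2(26):.0f} bits)")
    print("password:", pw, f"({entropy_bits(64, len(ALNUM) + len(PASSWORD_SYMBOLS)):.0f} bits)")
    # A typed-in 8-character alphanumeric placeholder, for comparison.
    print("8-char alnum placeholder:", f"{entropy_bits(8, len(ALNUM)):.0f} bits")
```

The two lengths in the issue come out at roughly 381 bits for a 64-character alphanumeric password versus about 48 bits for an 8-character one, which is why a placeholder password that is "fixed later" matters if the later step never happens.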
