Jump to content

Is it okay to have a weak password for Emby?

Ditendra

By Ditendra
in General/Windows

 Share
Go to solution Solved by rbjtech,

Recommended Posts

Ditendra

Ditendra 8

Posted
Posted

Is it okay if I have weak password for Emby in my Windows PC which streams to my Samsung TV? I mean, I have quite good security in my PC, so if my PC doesn't get infected or hacked, Emby will be fine with weak password too, right? Or Emby can get hacked without my PC being hacked?

The reason I set up weak password is because every time I manually update Emby in Tizen, I have to enter password every time and if I have long password it's pain in the arse to do it when you doing it with remote control.

  • Solution
rbjtech

rbjtech 5284

Posted
  • Solution
Posted

If it's local playback, then no issue at all - emby used to allow no passwords at all.  If remote , then by having a weak password you open yourself up to easy brute force attacks but the actual account is obviously presented no different to any other - ie any potential attacker does not know it is weak until the password is guessed.  For that reason, just adding the same character multiple times to the start, middle or end (ie easy to enter) is actually significantly increasing the entropy of the password - known as padding.  ie dog is a bad password but dddoooggg is significantly stronger. 

  • Like 4
pwhodges

pwhodges 2012

Posted
Posted (edited)

That's neat - but sadly some password input checkers forbid repeating a character more than twice in succession...

Paul

Edited by pwhodges
Ditendra

Ditendra 8

Posted
  • Author
Posted
1 hour ago, rbjtech said:

If it's local playback, then no issue at all - emby used to allow no passwords at all.  If remote , then by having a weak password you open yourself up to easy brute force attacks but the actual account is obviously presented no different to any other - ie any potential attacker does not know it is weak until the password is guessed.  For that reason, just adding the same character multiple times to the start, middle or end (ie easy to enter) is actually significantly increasing the entropy of the password - known as padding.  ie dog is a bad password but dddoooggg is significantly stronger. 

It's only local playback. Thank you.

  • Like 1
Carlo

Carlo 4561

Posted
Posted

Also, check the password tab in the Users Menu.  You can set a PIN.
On the Profile tab enable "Hide this user from login screens on devices they've never signed into"

Now, if you login once on a device Emby knows the device and will show a list of people who have logged in there previously.  You can choose your account then use your PIN.
Make this change for all users.  Now if anyone was to get access to your server from the Internet, they won't get a list of usernames to try and log in with. They now need to try and guess.


If you want to have fun, create a couple honey pot accounts with one having a name like "AdminBob".
Set the accounts up with long crazy passwords that are randomly generated.
Make sure these accounts have no access to anything even if logged in.
Enable: "Hide this user from login screens on the local network"
Not Enabled: "Hide this user from login screens when connected remotely"
Not Enabled: "Hide this user from login screens on devices they've never signed into".


 

This 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...