Plex pass account sharing issue

Hi …! I did set up a media server for the first time
Problem 1.
I share a Plex account with my family
I have a family-only account with a pin number
My admin account has a pin number
The first time you connect from the web, the pin number is ignored and you’re connected to your administrator account.

Problem 2.
Family knows ID / PW of shared account
My family can reset the pin number to access the admin account.
Can you stop it?

thank you!

  1. Disable auto-login, then you will always be asked for the PIN.

  2. How and where can they reset any PIN? For me, only the admin can reset PINs.

1 - That is intentional. If you sign in with your admin account, it automatically uses that account.

2 - It is not possible to change the admin pin from another account. If you are able to do this, we’ll need exact steps to try and reproduce.

sad face security issue

if pin is enabled, it should ALWAYS be required even after logging in to a device the first time.

But why would you need the PIN screen if you already know the admin credentials? Keep in mind that the pin is not a way to keep users out. It’s a way to prevent accidentally switching to the admin account.

because folks who use MANAGED users for their family must either physically log into their users/kids/parents devices, or ‘share’ the admin login.

I fully understand that plex expects the admin user to do the logging in.

But REALITY says that the admin email/pass is shared among family/trusted users.

If there was a way to migrate users from MANAGED to regular HOME users with their own account, (IE as kids grow up), that might be ok, but still ignores the fact that admin credentials are still going to be shared for managed users.

Right, that’s the intent. So after logging in, you would switch to another user anyways, so why stop at a PIN screen. Go to “Switch user” and leave it there for the managed user.

Booo. If you share this, then there’s no point in having a PIN. Knowing the credentials would allow that person to change/remove the pin anyways.

Why bother creating a managed user if you share the admin credentials? The whole point of a password is so others don’t know it. A PIN is always less secure, so if you’ve already given away the keys, a “do not enter” sign isn’t going to help.

the point, and request is, the PIN (if enabled) should be REQUIRED in addition to the admin credentials.

if I share my plex credentials with my sister (because she is family but lives across the hallway/street/town/country and I don’t feel like yelling/walking/driving/flying over to setup her new phone/device/whatever), but she does not have my pin, she should not be able to log into my admin profile or make any changes to the server.

expected/desired steps

  • user logs into device
  • profile dialog pops up
  • user selects profile and enters applicable pin
  • ???
  • profit

NOT this…

  • user logs into device
  • is immediately given admin profile and privileges
  • must switch user to get to profile dialog

requiring the pin in addition to admin credentials would also help increase security against account hacks.

similar in manner to two factor authentication.

and if plex wanted to go all out, you could allow for increased security by having more flexible pins, more than 4 characters and not only digits.

and yes I understand that entering a 24 character profile password is not very fun, if someone wanted to do it, they should be able to.

People create home/managed users to share plex pass privileges so they don’t have to unlock family mobile devices.

also home users get dvr access and whatever other differences between a home user and shared non-home user.

People create managed users, because either they want to keep it simple for their family, or they simply DO NOT KNOW/Understand that their family can create their own plex account and they can be invited to their home.

And once someone starts using a managed user, then they have play history etc they don’t want to lose.

ergo the desire to migrate managed user > dedicated account home user

Plex is looking to add more security, but the PIN is not the appropriate way. It’s like giving out your online banking password but not the ATM PIN.

You can do that with a regular Plex account too.

I give you that one. :smile:

Right!

But people do not know or understand that, until AFTER someone points it out.

I did not know that originally myself. I had to have it proven to me. I even created a new account just to test it.

So yes, part of the problem is user error/user ignorance.

yes the documentation explains it.

documentation doesn’t help when it isn’t read or remembered.

and every time a new plex pass user creates a home and managed users, we get a new thread, and here we are.

Thanks for all the answers.
I got the desired result
I entered another account as my home user
I couldn’t figure out if other user menus require approval at this stage.
I tested it myself and after approval it was included in the general user.

Thank you all.
