Security on Login (Alphanumeric Pin, 6 digit Pin)

Hi together,

I am not sure if this has already been requested, but I would like to have a little more security among all users on my server. What about Alphanumeric Pins or at least 5-6 digit Pins? It's pretty easy for kids to try out some Pins over time :wink:

Thx for reading!

I agree. A longer pin, or even better customisable complexity would be a great feature for these passwords.

2 Likes

I also vote for this, I believe a 4 digit PIN is too short, 6 or 7 digits, plus also allow for alphanumeric combinations would be a lot more secure, I would love to see something like this, any ideas if something like this has been planned?

3 Likes

I would like this as well. 4-digit pins are not very secure in this day and age. Please consider voting for this feature if you’re reading this!

1 Like

2020 checking in!

I happen to have 5 home users that are very adamant about discovering what is behind the PIN and so they are crowd-sourcing the brute-force entry amongst themselves and 9999 is just not enough.

Can you please provide the ability to have a longer PIN, perhaps something up to 8?

2 Likes

I’d want an optional authentication method. Ask the admin(s) to verify the login in the app instead of asking for a pin/password on the client. Then I can simply unlock my phone and hit “accept” instead of all these pins/passwords. And no-one can brute force pins.

6 Likes

+1
should at least be alphanumeric & a pin of 6+ digits

1 Like

This is going to be a must have for me too. Kids are very mischievous.

1 Like

ARE YOU KIDDING… I’d just like to login to my server without having to go to the Plex website every time I logon…

I agree. I have sensitive content and I don’t want my shared users to be able to access it. I have hidden it with the users not having access to the folder and the main account via PIN, but only 4 digits stand between them and the content. I’d feel safer with at least 6, especially when I was the kid who used to try different combos and write down the unsuccessful ones to brute force the 4 digit PIN on my parents’ TV service so I could watch stuff I wasn’t supposed to. Spoiler: I figured out the password multiple times. So please make this, or at least allow me to disable the main account on shared profiles not being able to sign into the main account.

1 Like

I don’t think that the Plex pin should be alphanumeric or have 4+ digits (if so it should be optional for the admin to set).

I would be happy if they had a limit on how many times I could attempt a pin combination like… X failed attempts and it’s locked for a minute and if you then make 3 failed attempts it’s 5 minutes… and the locked period should increase in that way forever… I should still have the reset pin option. This way a simple brute force attack would not work as it does now.

1 Like

You have 0000 to 9999 combinations, if your kid can make a bruteforce program, that will be a piece of cake. I prefer numerical which works perfectly in Android TV. 4 digit numerical number is enough for home use, no one’s gonna bruteforce the admin account at home, I guess.

Edit: changing account email is protected by your password in the first place.

So, are you saying it would be overkill to have ‘X failed attempts lock’ on the home user pin?

In my opinion, it would have no effect on a legit user and a huge effect on people who would abuse the low security on home pin.

Nope, I totally agree and like your opinion to have some kind of option for a temporary lock for failed attempts. BTW, there’s a tool like “fail2ban” which can watch the log patterns for you and perform some actions if it reaches a certain threshold, but yeah, having this in Plex out of the box would be nice to have also.

PS: The only thing which I’m against is the long pin or alphanumeric pins because it will be hard for a TV without a keyboard. So I totally agree with you.

I mean it can’t be that hard to add 2 more digits to a pin, literally a line of code change. With that being said, a temporary lock still doesn’t solve the overall issue. Again, that doesn’t deter the eventual brute force of the user, it just means it takes more time. Dish used to have a 5 minute lockout after 4 attempts and I still figured out the password. Going to the other extreme, the way Apple does in increasing the lockout period is a dumb option. I know a kid who locked out his iPod for literally 40+ years. Obviously this was fixed by resetting the device, but I’d rather not have to call support or reset Plex to fix the issue.

I guess great minds think alike then!

Well, the eternal lockout period would not apply in this case. You should still have the ability to change/reset your pin code using your account_id/password. Still, because of that, I think the increasing pin attempt cool down would work, but you are right about the eventual brute force still working… Luck is the ultimate superpower

3 digits = 1,000 possible combinations
4 digits = 10,000 possible combinations
5 digits = 100,000 possible combinations
6 digits = 1,000,000 possible combinations

Hypothetically, someone walks in and sees/learns one of the possible numbers; you now have a 3 digit code, leaving 1,000 possible combinations.

All I’m saying is that I feel more comfortable with a 6 pin combination vs a 4. I also agree that it should be optional based on your preferences: if you want no code then that should be an option, if you want 6 make it a 6.

2 Likes
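Added example (not part of any post in this thread): the keyspace counts above combined with the two lockout schemes raised earlier, the fixed 5-minute lock after 4 attempts and the escalating lock. The 3-attempt window, the x5 growth factor, the 30-day budget and zero time per guess are assumptions made for the illustration.

```python
# Added example: lockout arithmetic for the PIN policies discussed in this thread.
DAY = 24 * 60 * 60

def keyspace(digits: int) -> int:
    """Number of possible numeric PINs of the given length (10,000 for 4 digits)."""
    return 10 ** digits

def exhaust_seconds(size: int, per_window: int, lock_s: int, factor: int = 1) -> int:
    """Total lock time served before every PIN in the keyspace has been tried."""
    lockouts = (size - 1) // per_window   # no lock is served after the final guess
    return sum(lock_s * factor ** i for i in range(lockouts))

def guesses_within(budget_s: int, size: int, per_window: int,
                   lock_s: int, factor: int = 1) -> int:
    """Guesses available inside budget_s seconds, counting entry time as zero."""
    guesses, elapsed, lock = 0, 0, lock_s
    while True:
        guesses += per_window             # one window of failed attempts
        if guesses >= size:
            return size                   # whole keyspace covered
        if elapsed + lock > budget_s:
            return guesses                # next lock outlasts the budget
        elapsed += lock
        lock *= factor                    # factor=1 keeps the lock fixed

# (attempts per window, first lock in seconds, growth factor)
POLICIES = {
    "fixed: 5 min after 4 attempts": (4, 300, 1),
    "escalating: 1 min, 5 min, ... after 3 attempts (x5 assumed)": (3, 60, 5),
}

def report(budget_s: int = 30 * DAY) -> list:
    """Rows of (policy, digits, guesses in budget, share of keyspace)."""
    rows = []
    for name, (per_window, lock_s, factor) in POLICIES.items():
        for digits in (4, 6):
            size = keyspace(digits)
            n = guesses_within(budget_s, size, per_window, lock_s, factor)
            rows.append((name, digits, n, n / size))
    return rows

if __name__ == "__main__":
    for name, digits, n, share in report():
        print(f"{name:62s} {digits} digits: {n:>7d} guesses ({share:.2%})")
    days = exhaust_seconds(keyspace(4), 4, 300) / DAY
    print(f"fixed lock, 4 digits: keyspace exhausted in about {days:.1f} days")
```

A lock keyed on the guessing device rather than on the protected profile multiplies these guess counts by the number of devices, which is the crowd-sourcing case raised earlier in the thread.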

Looks like they have some hidden lock on the pin-attempts.

Used this to try and bruteforce my own home user pin. If I attempt the correct pin after 10/20 attempts it will not react on it in any way, but after x-time it will take the correct key again.

https://github.com/Mr-Idjit/BFPP/tree/main/BruteForcePlexPin/Version%202
It’s far from perfect but if you give it a try make sure to use version 2.

1 Like

I agree, at least a 6 digit pin or the option to decide how many digits would be ideal.

However, seeing how this thread is over a year old, it does not look like Plex plans on listening to any of us, so probably a wasted argument.