Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events
Learn More
SOLVED

AEM6.5 On-premise admin password change process and issue if any

Avatar

Level 5
Level 5
8/24/23 7:10:48 PM

Hi Team,

 

Currently i am changing the AEM6.5 default admin account password every month using below process . Is this recommended  & any issue if we frequently changing the "admin" password for authors and publish servers?

 

Author instance :

User User admin console the search for "admin" then change the password 

 

publish instance 

http://hostname:4503/crx/explorer/index.jsp

change the password 

 

Regards

Vara

Views

251

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
8/24/23 10:26:28 PM

Hello @varaande 

 

Regularly changing passwords is generally considered a good security practice to mitigate the risks associated with unauthorized access. However, the frequency at which you should change passwords, including the admin password for AEM (Adobe Experience Manager), depends on a variety of factors and should be balanced with usability and operational efficiency.

 

Here are some points to consider:

1. Security Enhancement: Regular password changes reduce the window of opportunity for attackers to gain unauthorized access using compromised credentials.

2. Compliance: In some industries and organizations, frequent password changes are required to comply with security regulations and standards.

 

Considerations and Potential Issues:

1. Administrative Overhead: Frequent password changes can increase administrative workload

2. Communication: Regularly informing users about password changes can be time-consuming.

 

Recommendations:

1. Risk Assessment: Evaluate the risk level of your AEM instances. Critical systems might warrant more frequent changes than non-critical ones.

2. Balanced Frequency: Determine a reasonable password change frequency that balances security and usability. Monthly changes might be suitable for some organizations, but others might find quarterly changes more appropriate.

 

We do not expect any issues with the change of admin passwords.

But, please do raise an Adobe ticket to check on the recommendations for the same

Aanchal Sikka

View solution in original post

Views

233

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Level 8
Level 8
8/24/23 9:45:12 PM

Hi @varaande 

As per adobe recommendation admin password for accessing crx and the webconsole should be changed after installation to make sure the environment is kept secure. 

Please find the security checklist link

https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/security-checkl...

 

As per my understanding there is no issue with updating the password frequently , usually organizations demands password rotation and in that case this process is followed quarterly or in case if any password is compromised immediate changing is recommended.

 

 

Views

246

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
8/24/23 10:26:28 PM

Hello @varaande 

 

Regularly changing passwords is generally considered a good security practice to mitigate the risks associated with unauthorized access. However, the frequency at which you should change passwords, including the admin password for AEM (Adobe Experience Manager), depends on a variety of factors and should be balanced with usability and operational efficiency.

 

Here are some points to consider:

1. Security Enhancement: Regular password changes reduce the window of opportunity for attackers to gain unauthorized access using compromised credentials.

2. Compliance: In some industries and organizations, frequent password changes are required to comply with security regulations and standards.

 

Considerations and Potential Issues:

1. Administrative Overhead: Frequent password changes can increase administrative workload

2. Communication: Regularly informing users about password changes can be time-consuming.

 

Recommendations:

1. Risk Assessment: Evaluate the risk level of your AEM instances. Critical systems might warrant more frequent changes than non-critical ones.

2. Balanced Frequency: Determine a reasonable password change frequency that balances security and usability. Monthly changes might be suitable for some organizations, but others might find quarterly changes more appropriate.

 

We do not expect any issues with the change of admin passwords.

But, please do raise an Adobe ticket to check on the recommendations for the same

Aanchal Sikka

Views

234

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
GraphQL Endpoint for Preview Service throwing QueryType Invalid Schema must define one or more fields for Persisted Query

Views

205

Likes

0

Replies

0
\/etc/designs folder not installing on publisher

Views

46

Likes

0

Replies

1
Restriction on Folder Level

Views

75

Likes

0

Replies

5
Static templates and custom components to core components and editable templates

Views

60

Likes

0

Replies

2
Workflow Model not working for parent folders and files

Views

38

Likes

0

Replies

0