After installing the latest DSM version 6.2.4-25556 some users have complained about receiving an Admin Account Security DSM notification telling them the following:
Admin Account Security: The default account “admin” is vulnerable to brute-force attacks, which may lead to ransomware attacks. Click here to create another administrator account, sign in with the new account, and disable “admin”.
With this update, Synology is notifying its users to change their current admin account. Note: Keep in mind that you can’t rename or delete the current ‘admin’ account. The best practice is to create a second account with admin privileges in Control Panel / User & Group / Create, and disable the current ‘admin’ account completely. You have to remember that the ‘admin’ user is the easiest name you can choose, and the most likely to be targeted by hackers. This is a good recommendation from Synology, one that will help you avoid many problems in the future.
Note: To disable the current admin account first of all create a new user with administrator privileges in Control Panel / User & Group / Create. After the new user with administrator privileges is created, select the old account “admin” then click the Edit tab. After clicking the Edit tab, a new window will open. Check ‘Disable this account’, check ‘Immediately’, then Save. Follow the instructions in the image below.
Now you can connect to your DSM using your new user with administrator privileges. Your Admin Account Security notification will disappear forever and you will enjoy better security.
Note: Creating a user account with admin privileges, and choosing a name other than admin, will make it a bit harder for ill-intended people to figure out your admin username and gain access to your NAS.
This post was updated on Sunday / March 14th, 2021 at 11:47 PM