Sajo6000 (Aspirant)
Apr 08, 2022
WAX630 unsafe admin is used
I have a WAX630-100EUS
Why can I not change "admin" to something safer?
Why can I not delete or deactivate the admin account when I have created a user that is not called "admin" (Netgear also warns about using "admin")? I do not see how to change it.
Why can I not use special characters in the username?
2 Replies
- schumaku (Guru - Experienced User)
It's not that admin as a username is unsafe - it's about not using the default username admin, replacing it with something different, to unbind the relation between e.g. the network-accessible fingerprints (MAC, login pages, ...) and the well-known default usernames.
Currently, the admin username is used at different points. Of course, renaming should be possible, but requires some more changes and enhancements at various points, beyond the local standalone product. RaghuHR please pick this up.
The idea of changing admin to a different identity is not to add a form of obscure username. Taking the bigger picture, needing identities is common in enterprise environments. All identities are typically held in Active Directory, LDAP, RADIUS, TACACS+, PKI, or even locally. And everywhere SSO is involved, it's "just" the key to the identity, resp. the group membership, which defines the roles the user has.
Considering the admin layer should be isolated, e.g. ideally on a dedicated management VLAN, that limits the access vector much better than a random username like #$&-$+()/%** - which looks smart from the crypto randomisation perspective, but is a nightmare for handling in general. That's why supporting random strings for usernames does not gain momentum.
Overall, much more access security could be gained by using certificates, bound to the user's identity, and then roles reflected by group membership, for example. But by far not all users, SOHO, SMB, ... have such an infrastructure deployed. Last but not least, in a worst-case scenario, the admins still need some local backup access.
Just my thoughts ...
- Sajo6000 (Aspirant)
Hi and thanks for your answer.
I probably do not have to worry but .....
I probably did not think to go that far, something like "Mr.Smith_Admin" is probably enough, if you use "admin" then only the password is left.
If you could perhaps disable "admin", it was recommended for my NAS as several devices were probably hacked through the administrator account and the provider's services (similar to Insight).
Regards