https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25934 Fred King <fred.king@medstar.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fred.king@medstar.net --- Comment #6 from Fred King <fred.king@medstar.net> --- While I agree that your password criteria would be useful for many Koha institutions, they would not be for all of them. My Koha system used to be behind my institution's firewall, and we didn't need such strict security. I had to move it to a cloud server so all our staff could access it while they worked from home, but I think that for us, your proposed changes would be far too strict. #1: That's a lot of characters to remember. I work in a hospital where medical staff have access to extremely confidential information. Our minimum is eight characters. Even then, I usually end up writing mine down (in transliterated Cyrillic, so I think I'm minimizing the danger). #2: See https://xkcd.com/936/. I think he has a good point. #3: This one I agree with. I'd also recommend a minimum number of days before you can change it again, if you're considering letting people reuse passwords after x number of changes. ("Time to change my password, and I can't use my past three passwords. Well, I'll change it to cat, then owl, then cow, and then back to dog.") #4: Also challenging to low-spec systems that use more than one language. I'd really, really urge you to make this one optional. #5: Well, it's really useful on an in-house test system, but OK. I'm all in favor of protection, and I know full well that any online system can be attacked from anywhere. I'd just like the option to choose how many bars to put on the windows. -- You are receiving this mail because: You are watching all bug changes.