https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36602 Bug ID: 36602 Summary: Locked account requires a password change Change sponsored?: --- Product: Koha Version: 23.05 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Patrons Assignee: koha-bugs@lists.koha-community.org Reporter: cbrannon@cdalibrary.org QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com, kyle.m.hall@gmail.com It doesn't make sense that a password change is required for a locked account. Accounts are locked because someone has attempted to log into the account multiple times and has failed the threshold. This means that someone knows the account username, but doesn't know the password. If the threshold is not a low number, it is likely someone is trying to gain access to the account that should (especially if they don't use a forgot password method. It seems that the more logical approach is to require a card number and/or username change. I guess it is possible that it could be the patron/user and they are just really bad at password recovery, and persistent, but I'm still not convinced this is the most logical response to being locked out. A change in username would be more likely to thwart abusive users. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.