https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21314 Christopher Brannon <cbrannon@cdalibrary.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cbrannon@cdalibrary.org --- Comment #16 from Christopher Brannon <cbrannon@cdalibrary.org> --- (In reply to Marcel de Rooy from comment #10)
+ if ( C4::Context->preference('RequireStrongPassword') ) { + $minPasswordLength = 3 if $minPasswordLength < 3; + }
How strong is that? LOL Imo we should enforce at least 8 chars or so, and educate users that security has a price.
Our library practices similar methods, and we've run into this issue as well. I've never liked software that tells users how to enforce their security. The options should be there, and how secure or insecure they choose to run it should be up to them. However, there are bugs, like https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33462 that focus on improving things in another way, which would give us more flexibility and options. It just feels like libraries are being forced to bend to the will of programmers based on personal opinions. There are a lot of minimum values that could be forced on libraries and their patrons, but that should be the choice of the library, not the program. Imo, our default passwords SHOULD be stronger. But I don't get to make that decision, so why should a developer? -- You are receiving this mail because: You are watching all bug changes.