https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21187 Bug ID: 21187 Summary: GDPR: Force patrons password renew Change sponsored?: --- Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: vfernandes@keep.pt QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org Under the auspices of the recently issued European legislation regarding data privacy (GDPR), the Portuguese government has issued a series of mandatory requirements, as well as general recommendations, for software applications that are implemented under the umbrella of public bodies (RCM 41/2018). Since Koha is mostly used by municipalities and universities in Portugal, some of these mandatory requirements need to be address by Koha implementers in Portugal. We believe that this requirement is also useful for the community at large. Here’s a description of the requirement. *** Requirement description *** The application MUST ensure that the user changes his password frequently. If the user doesn’t change is password it should be impeded from using the application until he does so. Having a setting where one can define the number of days until a password becomes invalid is necessary. The recommendation is 6 months for standard users, and 3 months for administrators. *** Scope *** Only applicable for passwords managed by Koha. When using a centralized authentication system, this task should be managed by the central authentication system. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.