[Bug 33461] New: Password reset should act like patron expiration when there are no notices available
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33461 Bug ID: 33461 Summary: Password reset should act like patron expiration when there are no notices available Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Patrons Assignee: koha-bugs@lists.koha-community.org Reporter: cbrannon@cdalibrary.org QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com, kyle.m.hall@gmail.com A password reset sends an email to a patron when executed. The following should be considered: 1) We should allow other delivery methods 2) If a patron doesn't have a delivery method, we should be able to use a method like password expiration, but Koha should generate a code that is put in place of the password. The patron has to put in the code in order to change the password. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33461 --- Comment #1 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- The email verification acts as a "second factor". By proving they have access to the email account, the user is verified. Same could be used for SMS/text messages when they need to have access to the phone. I am not sure where a code would come in and how would it be communicated to the user? -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33461 --- Comment #2 from Christopher Brannon <cbrannon@cdalibrary.org> --- (In reply to Katrin Fischer from comment #1)
I am not sure where a code would come in and how would it be communicated to the user?
If staff set the reset for a patron, we are usually confirming the patron through other means (via photo id or questions via phone). If the system sees that there is no email or text, it could generate the code and put it in place of the password, and the staff can tell the patron what that code is. This guarantees that only the person they verified with can reset the password, not just someone that might have access to the link. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org