[Bug 9920] New: Randomly generated suggested passwords are too weak
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9920 Bug ID: 9920 Summary: Randomly generated suggested passwords are too weak Classification: Unclassified Change sponsored?: --- Product: Koha Version: 3.12 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Patrons Assignee: koha-bugs@lists.koha-community.org Reporter: peterAtKohaBugzilla@pck.co.nz CC: gmcharlt@gmail.com, kyle.m.hall@gmail.com On the koha/members/member-password.pl I asked it to suggest a password, and it suggested one with four characters. For the reasons discussed in bug 9885, that seems too few. The suggestion accepted there was twelve characters. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9920 Magnus Enger <magnus@enger.priv.no> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |magnus@enger.priv.no --- Comment #1 from Magnus Enger <magnus@enger.priv.no> --- As far as I can tell, the password being generated by Koha respcts the minPasswordLength syspref, so libraries that want better security can just set this syspref to a high number. But perhaps it would be a good idea to set the default for minPasswordLength higher than 4? -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9920 M. de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |m.de.rooy@rijksmuseum.nl --- Comment #2 from M. de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to comment #1)
As far as I can tell, the password being generated by Koha respcts the minPasswordLength syspref, so libraries that want better security can just set this syspref to a high number. But perhaps it would be a good idea to set the default for minPasswordLength higher than 4?
+1 for a higher default, but 12 may be a problem in terms of usability? Not mentioning passwords submitted over http :) -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9920 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |katrin.fischer@bsz-bw.de Version|3.12 |master Summary|Randomly generated |Set minPasswordLength to a |suggested passwords are too |higher value by default |weak | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9920 Peter Kelly <peterAtKohaBugzilla@pck.co.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |peterAtKohaBugzilla@pck.co. | |nz --- Comment #3 from Peter Kelly <peterAtKohaBugzilla@pck.co.nz> --- Created attachment 33134 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=33134&action=edit Patch to increase password length -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9920 --- Comment #4 from Peter Kelly <peterAtKohaBugzilla@pck.co.nz> --- To be honest, I haven't tested this patch. But it is so simple, "what could possibly go wrong". I don't have time to test it right now so am uploading it but leaving the status unchanged. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9920 --- Comment #5 from Peter Kelly <peterAtKohaBugzilla@pck.co.nz> --- Sorry, I should have said - the patch increases the default length to 12. The default length was discussed in bug 9885. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9920 Aleisha Amohia <aleishaamohia@hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aleishaamohia@hotmail.com Status|NEW |Needs Signoff --- Comment #6 from Aleisha Amohia <aleishaamohia@hotmail.com> --- Setting to Needs Signoff as it looks like this is ready to be tested by someone -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9920 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Failed QA --- Comment #7 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- This patch changes db rev 3.00.00.031. It should add a new db rev. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9920 Josef Moravec <josef.moravec@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |josef.moravec@gmail.com -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org