[Koha-bugs] [Bug 6220] koha puts default passwords but doesn't tell you what is

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Wed Apr 20 19:11:57 CEST 2011


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6220

--- Comment #4 from Fernando L. Canizo <conan at lugmen.org.ar> 2011-04-20 17:11:57 UTC ---
(In reply to comment #2)
> I don't really like the idea of a default password. People tend to keep
> passwords like that and never change them. I makes it much easier to hack
> patron accounts.
> 
> When you change a password Koha can already generate a new random password in
> the length specified in the sys prefs. I would like to see Koha generating a
> password like this one  upon saving a patron with an empty password field.
> Koha can send out this password as a mail to the patron, if the library wants
> to do this. We already can do this with manually entered passwords.
> 
> Ideal would be a to create a one time password and force the patron to change
> it when he logs into the OPAC for the first time. Perhaps these one time
> passwords should even expire after a given time or be validated by a mail to
> the patrons email account.

I agree to all:

- random one time passwords sent by email
- force patrons to change it on first login

And we wont need no changes into prefs.

-- 
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.


More information about the Koha-bugs mailing list