[Koha-bugs] [Bug 21187] New: GDPR: Force patrons password renew

Thu Aug 9 15:25:56 CEST 2018

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21187

            Bug ID: 21187
           Summary: GDPR: Force patrons password renew
 Change sponsored?: ---
           Product: Koha
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Authentication
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: vfernandes at keep.pt
        QA Contact: testopia at bugs.koha-community.org
                CC: dpavlin at rot13.org

Under the auspices of the recently issued European legislation regarding data
privacy (GDPR), the Portuguese government has issued a series of mandatory
requirements, as well as general recommendations, for software applications
that are implemented under the umbrella of public bodies (RCM 41/2018).

Since Koha is mostly used by municipalities and universities in Portugal, some
of these mandatory requirements need to be address by Koha implementers in
Portugal.

We believe that this requirement is also useful for the community at large.
Here’s a description of the requirement.

*** Requirement description ***

The application MUST ensure that the user changes his password frequently. If
the user doesn’t change is password it should be impeded from using the
application until he does so.

Having a setting where one can define the number of days until a password
becomes invalid is necessary. The recommendation is 6 months for standard
users, and 3 months for administrators.

*** Scope ***

Only applicable for passwords managed by Koha. When using a centralized
authentication system, this task should be managed by the central
authentication system.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.