[Koha-bugs] [Bug 21314] Koha enforces three (3) character password length even if RequireStrongPassword is disabled

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Wed Sep 5 20:30:27 CEST 2018


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21314

Benjamin Daeuber <bdaeuber at cityoffargo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bdaeuber at cityoffargo.com

--- Comment #13 from Benjamin Daeuber <bdaeuber at cityoffargo.com> ---
(In reply to Marcel de Rooy from comment #10)
> +    if ( C4::Context->preference('RequireStrongPassword') ) {
> +        $minPasswordLength = 3 if $minPasswordLength < 3;
> +    }
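
Review bot: the floor in "$minPasswordLength = 3 if $minPasswordLength < 3;" is a bare literal, written twice, with no comment saying why 3 is the right minimum when RequireStrongPassword is on. A named constant or a one-line comment tying the value to what the strong-password check requires would make the intent reviewable. These lines also apply no lower bound when the preference is off, so a zero or unset $minPasswordLength passes through unchanged here; if that is intended, say so in a comment.
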
> 
> How strong is that? LOL
> Imo we should enforce at least 8 chars or so, and educate users that
> security has a price.

As the library in question, I have to say that I agree with you personally, but
professionally I believe this would be a barrier to service. We serve a broad
range from the very young to very old to customers with severe learning
disabilities. Education is simply not always an option. Users have to use their
password to access public computers (as well as a variety of other services)
and the true outcome here is that we would spend our time resetting passwords
all day long.

Last names are easy to remember and secure enough to prevent abuse when cards
are lost (which a default password would not be).
