[Koha-bugs] [Bug 25934] RequireStrongPassword should be more complex (password policy complexity)
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Jul 6 17:44:21 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25934
George Williams (NEKLS) <george at nekls.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |george at nekls.org
--- Comment #4 from George Williams (NEKLS) <george at nekls.org> ---
#1 - I completely disagree with #1. Why should we have a patch that will
inevitably force libraries to change their password policies without giving
them any choice in the matter? Koha gives libraries the flexibility to set
their own policies and this would take that flexibility away. I agree that a 3
character minimum password is a bad idea, but I don't think that the Koha
community should be forcing libraries from implementing bad ideas. I'm sure
there are instances were, in the right circumstances, short passwords make
sense for the libraries that are using them.
#2 - Bug 12617 would allow individual Koha libraries to define password
complexity on a patron-category-by-patron-category basis. I'd rather see work
proceed on that bug than force system-wide password complexity for all
accounts.
#3 - I could get behind this if it can be implemented on a
patron-category-by-patron-category basis. After the work is completed on bug
23816, that was something I was considering proposing as a development (along
with forcing password changes after XX days on a
patron-category-by-patron-category basis).
#4 - This should be optional. If Bug 12617 was patched, that would address
this issue, wouldn't it?
#5 - I can get behind this one.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list