https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21314
Christopher Brannon <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #16 from Christopher Brannon <[email protected]> --- (In reply to Marcel de Rooy from comment #10) > + if ( C4::Context->preference('RequireStrongPassword') ) { > + $minPasswordLength = 3 if $minPasswordLength < 3; > + } > > How strong is that? LOL > Imo we should enforce at least 8 chars or so, and educate users that > security has a price. Our library practices similar methods, and we've run into this issue as well. I've never liked software that tells users how to enforce their security. The options should be there, and how secure or insecure they choose to run it should be up to them. However, there are bugs, like https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33462 that focus on improving things in another way, which would give us more flexibility and options. It just feels like libraries are being forced to bend to the will of programmers based on personal opinions. There are a lot of minimum values that could be forced on libraries and their patrons, but that should be the choice of the library, not the program. Imo, our default passwords SHOULD be stronger. But I don't get to make that decision, so why should a developer? -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
