https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36602

            Bug ID: 36602
           Summary: Locked account requires a password change
 Change sponsored?: ---
           Product: Koha
           Version: 23.05
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Patrons
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
                CC: [email protected], [email protected]

It doesn't make sense that a password change is required for a locked account. 
Accounts are locked because someone has attempted to log into the account
multiple times and has failed the threshold.  This means that someone knows the
account username, but doesn't know the password.  If the threshold is not a low
number, it is likely someone is trying to gain access to the account that
should (especially if they don't use a forgot password method).

It seems that the more logical approach is to require a card number and/or
username change.

I guess it is possible that it could be the patron/user and they are just
really bad at password recovery, and persistent, but I'm still not convinced
this is the most logical response to being locked out.  A change in username
would be more likely to thwart abusive users.
