https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30088

--- Comment #18 from Klas Blomberg <klas.blomb...@skovde.se> ---
I don't want to be a party-pooper, but we are contemplating to file a bug for
making both email and userID mandatory

The background for this:
There has been a series of frauds in Sweden where the impostors have used the
password recovery feature to deceive elderly people (80+ years)

All swedish libraries use the equivalent to social security numbers as userID.
The impostors have somehow got a list of social security numbers, and enters
them one after another in password recovery.
When they see that an email is sent they call the patron, saying they are
calling form the library and wants to help them with their password-problem 
The patron gets confused and is asked to open his/her electronicID - and if
they do the impostors use it to transfer money from their bank-account.
One patron in a suburb to Stockholm lost 40000€ this way. Therefore we think
it's too easy to recover passwords in the opac.

By making both email and userID mandatory frauds like this will be next to
impossible

-- 
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

Reply via email to