https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30088
--- Comment #18 from Klas Blomberg <klas.blomb...@skovde.se> ---

I don't want to be a party-pooper, but we are contemplating filing a bug for making both email and userID mandatory.

The background for this: There has been a series of frauds in Sweden where the impostors have used the password recovery feature to deceive elderly people (80+ years).

All Swedish libraries use the equivalent of social security numbers as userID. The impostors have somehow got a list of social security numbers, and enter them one after another in password recovery. When they see that an email is sent they call the patron, saying they are calling from the library and want to help them with their password problem.

The patron gets confused and is asked to open his/her electronicID - and if they do, the impostors use it to transfer money from their bank account. One patron in a suburb of Stockholm lost 40000€ this way.

Therefore we think it's too easy to recover passwords in the OPAC. By making both email and userID mandatory, frauds like this will be next to impossible.
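The change proposed in the comment above, sketched as an added example that is not part of the original comment and is not Koha code: a recovery handler that sends mail only when userID and email both match the same patron. The patron store, function names and reply text are hypothetical, and the identical reply for every outcome goes one step beyond what the comment asks for.

```python
import hmac

# Constructed sample patron store (hypothetical; not Koha's schema).
PATRONS = {
    "19400101-0001": {"email": "anna@example.org"},
    "19420202-0002": {"email": ""},  # patron with no email on file
}

GENERIC_REPLY = "If the details match an account, a recovery email has been sent."


def _norm(value):
    """Trim and lowercase an identifier so comparisons ignore case and padding."""
    return (value or "").strip().lower()


def request_recovery(userid, email, outbox):
    """Handle a recovery request and return the text shown to the requester.

    Mail is queued only when BOTH identifiers match the same patron. The
    reply is identical in every other respect, so the form cannot be used
    to test which userIDs exist or have an email address on file.
    """
    userid, email = _norm(userid), _norm(email)
    if not userid or not email:
        # Input validation only; reveals nothing about stored accounts.
        return "Both userID and email are required."

    patron = PATRONS.get(userid)
    stored = _norm(patron["email"]) if patron else ""
    # Constant-time comparison; an empty stored address never matches.
    matched = bool(stored) and hmac.compare_digest(stored.encode(), email.encode())
    if matched:
        outbox.append((stored, "recovery link for " + userid))
    return GENERIC_REPLY


if __name__ == "__main__":
    sent = []
    print(request_recovery("19400101-0001", "wrong@example.org", sent), sent)
    print(request_recovery("19400101-0001", "anna@example.org", sent), sent)
```
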