[ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17043527#comment-17043527 ]
Jacques Le Roux commented on OFBIZ-11244: ----------------------------------------- Hi Wiebke, Yes please remove it from everywhere you can find it, TIA > Remove the user login security question > --------------------------------------- > > Key: OFBIZ-11244 > URL: https://issues.apache.org/jira/browse/OFBIZ-11244 > Project: OFBiz > Issue Type: Improvement > Components: ecommerce, framework, party > Affects Versions: Trunk, Release Branch 16.11, Release Branch 17.12, > Release Branch 18.12 > Reporter: Jacques Le Roux > Assignee: Michael Brohl > Priority: Major > > After our discussion in dev ML at > https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. > This [~paulfoxworthy]'s remark is notably important: > bq. Security is only as good as its weakest link ( > https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , > and security questions can be a real weakness. Any organisation using OFBiz > that really hates passwords could look at security keys from Yubico or the > like. -- This message was sent by Atlassian Jira (v8.3.4#803005)