[jira] [Commented] (OFBIZ-11244) Remove the user login security question

Jacques Le Roux (Jira) Mon, 24 Feb 2020 05:48:50 -0800


    [ 
https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17043527#comment-17043527
 ]


Jacques Le Roux commented on OFBIZ-11244:
-----------------------------------------

Hi Wiebke,

Yes please remove it from everywhere you can find it, TIA

> Remove the user login security question
> ---------------------------------------
>
>                 Key: OFBIZ-11244
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11244
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ecommerce, framework, party
>    Affects Versions: Trunk, Release Branch 16.11, Release Branch 17.12, 
> Release Branch 18.12
>            Reporter: Jacques Le Roux
>            Assignee: Michael Brohl
>            Priority: Major
>
> After our discussion in dev ML at 
> https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. 
> This [~paulfoxworthy]'s remark is notably important:
> bq. Security is only as good as its weakest link ( 
> https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , 
> and security questions can be a real weakness. Any organisation using OFBiz 
> that really hates passwords could look at security keys from Yubico or the 
> like.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (OFBIZ-11244) Remove the user login security question

Reply via email to