Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-11244

Remove the user login security question

    XMLWordPrintableJSON

    Details

      Description

      After our discussion in dev ML at https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. This Paul Foxworthy's remark is notably important:

      Security is only as good as its weakest link ( https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , and security questions can be a real weakness. Any organisation using OFBiz that really hates passwords could look at security keys from Yubico or the like.

        Attachments

        1. OFBIZ-11244-framework.patch
          34 kB
          Wiebke Pätzold
        2. OFBIZ-11244-framework-correction.patch
          0.9 kB
          Wiebke Pätzold
        3. OFBIZ-11244-plugins.patch
          4 kB
          Wiebke Pätzold

          Activity

            People

            • Assignee:
              mbrohl Michael Brohl
              Reporter:
              jleroux Jacques Le Roux
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: