[OFBIZ-11244] Remove the user login security question - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Implemented
Affects Version/s: Trunk
Fix Version/s: 22.01.01
Component/s: ecommerce, framework, party
Labels:
None

Description

After our discussion in dev ML at https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. This paulfoxworthy's remark is notably important:

Security is only as good as its weakest link ( https://s.apache.org/xp8da) , and security questions can be a real weakness. Any organisation using OFBiz that really hates passwords could look at security keys from Yubico or the like.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OFBIZ-11244-plugins.patch
25/Feb/20 08:12
4 kB
Wiebke Paetzold
OFBIZ-11244-framework-correction.patch
17/Mar/20 09:35
0.9 kB
Wiebke Paetzold
OFBIZ-11244-framework.patch
25/Feb/20 08:12
34 kB
Wiebke Paetzold

Activity

People

Assignee:: Michael Brohl

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 08/Oct/19 08:17

Updated:: 14/Sep/22 15:50

Resolved:: 17/Mar/20 11:38