ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (Jira)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-11244) Remove the user login security question
Date Sat, 01 Feb 2020 17:47:00 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17028166#comment-17028166

Jacques Le Roux commented on OFBIZ-11244:

Hi Michael, I'm currently focused on OFBIZ-11306, so feel free to assign to yourself

> Remove the user login security question
> ---------------------------------------
>                 Key: OFBIZ-11244
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11244
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ecommerce, framework, party
>    Affects Versions: Trunk, Release Branch 16.11, Release Branch 17.12, Release Branch
>            Reporter: Jacques Le Roux
>            Priority: Major
> After our discussion in dev ML at https://markmail.org/message/2dhc4al4adwgvl7z we will
remove this feature. This [~paulfoxworthy]'s remark is notably important:
> bq. Security is only as good as its weakest link ( https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html)
, and security questions can be a real weakness. Any organisation using OFBiz that really
hates passwords could look at security keys from Yubico or the like.

This message was sent by Atlassian Jira

View raw message