Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2019/10/08 08:18:00 UTC

[jira] [Created] (OFBIZ-11244) Remove the user login security question

Jacques Le Roux created OFBIZ-11244:
---------------------------------------

             Summary: Remove the user login security question
                 Key: OFBIZ-11244
                 URL: https://issues.apache.org/jira/browse/OFBIZ-11244
             Project: OFBiz
          Issue Type: Improvement
          Components: ecommerce, framework, party
    Affects Versions: Release Branch 16.11, Trunk, Release Branch 17.12, Release Branch 18.12
            Reporter: Jacques Le Roux


After our discussion on the dev ML at https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. This remark by [~paulfoxworthy] is notably important:

bq. Security is only as good as its weakest link (https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html), and security questions can be a real weakness. Any organisation using OFBiz that really hates passwords could look at security keys from Yubico or the like.
