You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ofbiz.apache.org by "Michael Brohl (Jira)" <ji...@apache.org> on 2020/03/13 16:41:00 UTC

[jira] [Closed] (OFBIZ-11244) Remove the user login security question

     [ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Brohl closed OFBIZ-11244.
---------------------------------
    Fix Version/s: Upcoming Branch
       Resolution: Implemented

Thanks [~wpaetzold] , this is commited now.

> Remove the user login security question
> ---------------------------------------
>
>                 Key: OFBIZ-11244
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11244
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ecommerce, framework, party
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Michael Brohl
>            Priority: Major
>             Fix For: Upcoming Branch
>
>         Attachments: OFBIZ-11244-framework.patch, OFBIZ-11244-plugins.patch
>
>
> After our discussion in dev ML at https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. This [~paulfoxworthy]'s remark is notably important:
> bq. Security is only as good as its weakest link ( https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , and security questions can be a real weakness. Any organisation using OFBiz that really hates passwords could look at security keys from Yubico or the like.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)