[OPEN-ILS-GENERAL] Password reset uses phone number fails: EG2.2
Jason Stephenson
jstephenson at mvlc.org
Fri Aug 3 09:27:00 EDT 2012
Quoting Thomas Berezansky <tsbere at mvlc.org>:
> All future resets would still be random.
Because resetting someone's password to something that is basically
public information, their phone number, is asking for accounts to be
hijacked.
--
Jason Stephenson
Assistant Director for Technology Services
Merrimack Valley Library Consortium
Chief Bug Wrangler, Evergreen ILS