Patron Registration - Not Obvious Last 4 of Phone Used for Password

Bug #1817357 reported by Robert J Jackson on 2019-02-22
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Evergreen
Wishlist
Unassigned

Bug Description

webclient 3.2

When a site sets the "Patron: password from phone #" in library settings editor it is not clear that the last 4 of the phone number is being used.

Would be good to leave the pwd field blank in this case until the phone number is entered.

description: updated
Terran McCanna (tmccanna) wrote :

+1

Changed in evergreen:
importance: Undecided → Wishlist
tags: added: patron
Nathan Eady (mrmcquack) wrote :

Any four-digit number would be a ridiculously insecure password, and the last four digits of a phone number is even worse. If a patron specifically tells me, "set my password to 1234", that's one thing; but automatically doing this sort of thing without an explicit say-so from the patron is borderline criminal in states with privacy laws. The patron thinks they've signed up to check items out from the library, and in fact they've signed up to donate a list of all the books they've checked out to anyone who can look up or guess the last four digits of their phone number.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers