Comment 2 for bug 1817357

Any four-digit number would be a ridiculously insecure password, and the last four digits of a phone number is even worse. If a patron specifically tells me, "set my password to 1234", that's one thing; but automatically doing this sort of thing without an explicit say-so from the patron is borderline criminal in states with privacy laws. The patron thinks they've signed up to check items out from the library, and in fact they've signed up to donate a list of all the books they've checked out to anyone who can look up or guess the last four digits of their phone number.