Comment 10 for bug 1979570

Revision history for this message
Kathy Lussier (klussier) wrote :

I'm posting a link to the relevant bug - https://bugs.launchpad.net/evergreen/+bug/1013786. It doesn't sound like this code will address the feature requested there. That bug was seeking the restoration of a feature we used to have in the jspac days that checked for password strength when logging into the catalog, but didn't check for the strength when setting it in the patron editor. It supports a use case where the staff sets a fairly simple password when registering a patron and then forces them to strengthen it when they log into the catalog the first time.

When it comes to patron passwords, the goal should be to remove library staff from this process as much as possible. Password setting should be between the patron and the system. For that reason, I'm curious about the choice to include the message in the patron edit screen. This message will encourage staff to ask patrons what they would like to use for a new password, when we should really be encouraging patrons to set it themselves.

Thanks for getting started on this code Llewelyn! I'm looking forward to any improvements to password security in Evergreen!