Bug 1311936 - password security policy out of scale
Summary: password security policy out of scale
Keywords:
Status: CLOSED DUPLICATE of bug 1265066
Alias: None
Product: Bugzilla
Classification: Community
Component: Bugzilla General
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: PnT DevOps Devs
QA Contact: tools-bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-25 11:17 UTC by hdunkel
Modified: 2016-04-13 05:22 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-02-29 05:53:45 UTC
Embargoed:

Attachments (Terms of Use)

Description hdunkel 2016-02-25 11:17:13 UTC 
Description of problem:
Could you please accept the password policy for www.redhat.com on bugzilla.redhat.com? On www.redhat.com I am managing a lot of sensitive information (subscriptions, lists of servers, etc.) and yet I am allowed to use a safe and easy to remember password. bugzilla is "just" a bugtracker readable for everyone, not a high-security bank. Its password security policy is out of scale, compared to www.

Thanx in advance
Harri
Comment 1 Jason McDonald 2016-02-26 00:57:36 UTC 
(In reply to hdunkel from comment #0)
> bugzilla is "just" a bugtracker readable for everyone, not a
> high-security bank.

This statement is incorrect.  In addition to the bugs that are public, Red Hat Bugzilla contains a large volume of sensitive information that Red Hat is contractually obliged to protect.

The current password policy was set after we found that a significant number of users with access to sensitive data were using passwords that could only be classified as extremely weak.
Comment 2 Jeff Fearn 🐞 2016-02-29 05:53:45 UTC 

*** This bug has been marked as a duplicate of bug 1265066 ***
Comment 3 hdunkel 2016-04-13 05:22:25 UTC 
How about a single sign on for {www,bugzilla,etc}.redhat.com ?
Note You need to log in before you can comment on or make changes to this bug.