How to require strong passwords for patron accounts






A password is required to log in to a patron account. This document outlines the system preferences that determine the required length and strength of a password on a patron account, as well as the options for setting exceptions to these preferences at the patron category level.

System preferences

There are two system preferences that can be used to alter the strength of patron passwords: minPasswordLength and RequireStrongPassword.

minPasswordLength

Go to Koha administration > Global System Preferences and search for minPasswordLength


This will bring up a system preference of the same name:

This system preference has a box for setting the number of characters that any password created on the system must have. To change the minimum length of a patron password, enter the appropriate number in the box and click the Save all Patrons preferences button.

Please note that changing the required length of patron passwords with this system preference will not affect passwords that have already been set. The change applies only when a new password is created or an existing password is updated.

RequireStrongPassword

Go to Koha administration > Global System Preferences and search for RequireStrongPassword


This will bring up a system preference of the same name:

Enabling this system preference will mean that any passwords added to a patron account will need to include a minimum of one digit, one lowercase letter and one uppercase letter.

To enable this system preference, set it to Require a strong password for staff and patrons and click Save all Patrons preferences.

Please note that enabling this system preference will not affect passwords that have already been set. The change applies only when a new password is created or an existing password is updated.

Settings on individual patron categories

In addition to being able to set global settings for password strength with the above system preferences, exceptions can be set at the patron category level. 

Go to Koha administration > Patrons and circulation > Patron categories



This will bring up the patron category table, which contains all patron categories on your site:

Identify the patron category to add a password strength exception on and click the Edit button under the Actions column for the row the identified patron category is on.

This will bring up the page of details for the selected patron category:


At the bottom of the form, there will be the Minimum password length and Require strong password options:

These options will default to follow whatever is set in the system preferences.

Minimum password length:

This will be a blank box where you can type in the number of characters the password should require.

If this box is filled in with a number different from what is recorded in the system preference minPasswordLength, then any patron created under this patron category will require a password of the length defined for this specific patron category. For example, if the minPasswordLength system preference is set to 3 but the Minimum password length field in the patron category for GR is set to 6, any patron created with the patron category GR will need a password of at least 6 characters. Any other patron category will require a password of at least 3 characters.

Require strong password

This includes a dropdown menu of options:

Follow system preference RequireStrongPassword

This setting means that patrons added under the patron category will only require a strong password if the RequireStrongPassword system preference is enabled.

Yes

This setting means that any passwords added to a patron account created with the patron category will need to include a minimum of one digit, one lowercase letter and one uppercase letter.

No

This setting means that any passwords added to a patron account created with the patron category will not need to include a minimum of one digit, one lowercase letter and one uppercase letter.
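The sketch below models how the two system preferences and the patron category settings combine into one effective policy, so candidate passwords can be checked against it before a change is rolled out. It is an added example, not Koha's own code; the class and function names, the KIOSK category and the assumption that RequireStrongPassword is enabled are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class SystemPreferences:
    min_password_length: int        # minPasswordLength
    require_strong_password: bool   # RequireStrongPassword


@dataclass
class PatronCategory:
    code: str
    # None models a blank box / "Follow system preference RequireStrongPassword"
    min_password_length: Optional[int] = None
    require_strong_password: Optional[bool] = None


def effective_policy(prefs, cat) -> Tuple[int, bool]:
    """Category settings win when set; otherwise the system preference applies."""
    length = prefs.min_password_length if cat.min_password_length is None else cat.min_password_length
    strong = prefs.require_strong_password if cat.require_strong_password is None else cat.require_strong_password
    return length, strong


def password_problems(password, prefs, cat) -> List[str]:
    """List the rules a new or updated password breaks (empty list = accepted)."""
    min_len, strong = effective_policy(prefs, cat)
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if strong:
        for pattern, label in ((r"[0-9]", "digit"), (r"[a-z]", "lowercase letter"), (r"[A-Z]", "uppercase letter")):
            if not re.search(pattern, password):
                problems.append(f"no {label}")
    return problems


# Constructed sample settings: GR mirrors the example in the text, KIOSK is hypothetical.
PREFS = SystemPreferences(min_password_length=3, require_strong_password=True)
GR = PatronCategory("GR", min_password_length=6)
KIOSK = PatronCategory("KIOSK", require_strong_password=False)

if __name__ == "__main__":
    for cat, pw in ((GR, "Ab1"), (GR, "abcdef"), (GR, "Abcde1"), (KIOSK, "abc")):
        print(cat.code, repr(pw), password_problems(pw, PREFS, cat) or "accepted")
```

A category set to No, such as the hypothetical KIOSK above, accepts a three-character lowercase password even while the global preference is enabled, so category exceptions are worth reviewing whenever the system preferences are tightened.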

Version History

Version | Date | Detail | Author
1.0 | 21/04/21 | Document created | Holly Cooper
1.2 | 22/04/21 | Adding details and screenshot | Holly Cooper
1.3 | 27/04/21 | Adding details | Holly Cooper

Retention Policy

Permanent: X


