How to require strong passwords for patron accounts


A password is required to log in to a patron account. This document outlines the system preferences that determine the required length and strength of a password on a patron account, as well as the options for setting exceptions to these preferences at the patron category level.

System preferences

There are two system preferences that can be used to alter the strength of patron passwords: minPasswordLength and RequireStrongPassword.

minPasswordLength

Go to Koha administration > Global System Preferences and search for minPasswordLength


This will bring up a system preference of the same name:

This system preference has a box for setting the number of characters that any password created on the system must have. To change the minimum length of a patron password, enter the appropriate number in the box and click Save all Patrons preferences.

Please note that changing the required length of patron passwords with this system preference will not affect passwords that have already been set. The change applies only when a new password is set or an existing password is updated.

RequireStrongPassword

Go to Koha administration > Global System Preferences and search for RequireStrongPassword


This will bring up a system preference of the same name:

Enabling this system preference will mean that any passwords added to a patron account will need to include a minimum of one digit, one lowercase letter and one uppercase letter.

To enable this system preference set it to Require a strong password for staff and patrons and click Save all Patrons preferences.

Please note that enabling this system preference will not affect passwords that have already been set. The change applies only when a new password is set or an existing password is updated.

Settings on individual patron categories

In addition to being able to set global settings for password strength with the above system preferences, exceptions can be set at the patron category level. 

Go to Koha administration > Patrons and circulation > Patron categories



This will bring up the patron category table, which contains all patron categories on your site:

Identify the patron category to add a password strength exception on and click the Edit button under the Actions column for the row the identified patron category is on.

This will bring up the page of details for the selected patron category:


At the bottom of the form are the Minimum password length and Require strong password options:

These options will default to follow whatever is set in the system preferences.

Minimum password length:

This will be a blank box where you can type in the number of characters the password should require.

If this box is filled in with a number different from the one recorded in the minPasswordLength system preference, any patron created under this patron category will require a password of the length defined for the category. For example, if the minPasswordLength system preference is set to 3 but the Minimum password length field in the patron category for GR is set to 6, any patron created with the patron category GR will need a password of at least 6 characters. Any other patron category will require a password of at least 3 characters.

Require strong password

This includes a dropdown menu of options:

Follow system preference RequireStrongPassword

This setting means that patrons added under the patron category will only require a strong password if the RequireStrongPassword system preference is enabled.

Yes

This setting means that any passwords added to a patron account created with the patron category will need to include a minimum of one digit, one lowercase letter and one uppercase letter.

No

This setting means that any passwords added to a patron account created with the patron category will not need to include a minimum of one digit, one lowercase letter and one uppercase letter.
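
The precedence described above (category setting first, system preference as the fallback) can be modelled in a few lines. This is an added example, not Koha's own code: the Category fields, function names, the ST and KIOSK categories and the assumption that RequireStrongPassword is enabled are all hypothetical, and only the GR values (system preference 3, category 6) come from this page. It also lists categories whose exception is weaker than the global setting, which is worth reviewing after any change.

```python
import re
from typing import NamedTuple, Optional

class Category(NamedTuple):
    code: str
    # None models a blank "Minimum password length" box.
    min_length: Optional[int] = None
    # None models "Follow system preference RequireStrongPassword".
    require_strong: Optional[bool] = None

def effective_policy(cat, sys_min_length, sys_require_strong):
    """Return (min_length, strong_required) that applies to patrons in cat."""
    length = sys_min_length if cat.min_length is None else cat.min_length
    strong = sys_require_strong if cat.require_strong is None else cat.require_strong
    return length, strong

def password_problems(password, min_length, strong_required):
    """List the rules a new password breaks (empty list = accepted)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if strong_required:
        # Assumption: ASCII character classes for digit / lower / upper.
        for label, pattern in (("digit", r"[0-9]"),
                               ("lowercase letter", r"[a-z]"),
                               ("uppercase letter", r"[A-Z]")):
            if not re.search(pattern, password):
                problems.append(f"no {label}")
    return problems

def weakening_overrides(categories, sys_min_length, sys_require_strong):
    """Codes of categories whose exception is weaker than the global setting."""
    weak = []
    for cat in categories:
        length, strong = effective_policy(cat, sys_min_length, sys_require_strong)
        if length < sys_min_length or (sys_require_strong and not strong):
            weak.append(cat.code)
    return weak

# Constructed sample: GR mirrors the page's example; ST and KIOSK are invented.
SYS_MIN_LENGTH, SYS_REQUIRE_STRONG = 3, True
CATEGORIES = [Category("GR", min_length=6), Category("ST"),
              Category("KIOSK", require_strong=False)]

if __name__ == "__main__":
    for cat in CATEGORIES:
        print(cat.code, effective_policy(cat, SYS_MIN_LENGTH, SYS_REQUIRE_STRONG))
    print("weaker than global:",
          weakening_overrides(CATEGORIES, SYS_MIN_LENGTH, SYS_REQUIRE_STRONG))
```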

Version History

Version | Date | Detail | Author
1.0 | 21/04/21 | Document created | Holly Cooper
1.2 | 22/04/21 | Adding details and screenshot | Holly Cooper
1.3 | 27/04/21 | Adding details | Holly Cooper

Retention Policy

Permanent

X


