Spydus Help
    Password rules for borrowers and users

    To set up the password rules for borrowers:

    1. Navigate to Maintenance > Circulation > Borrower Password Rules.
    2. Configure parameters as required (see below).
    3. Click Save or Save & Close.

    To set up the password rules for Spydus users:

    1. Navigate to Maintenance > General > User Password Rules.
    2. Configure parameters as required (see below).
    3. Click Save or Save & Close.

    Use password rules

    Select this option if you're using password rules.

    When the password rules are being used, borrowers who register online (or change/reset their password online) must enter a password that meets the criteria specified in the rules. If they don’t enter a password then one will be generated automatically.

    Password mode

    There are four modes to choose from.

    To allow space characters in passwords in server versions prior to 10.6.1, the regular expression in Update Details Parameters and Register Online Parameters must be updated to reflect that spaces are allowed.

    For example, where the regular expression (shown here within single quotes) is '^[-@./!$%#*& +\w]{13,256}$', it allows:

    • the special characters listed inside the square brackets, -@./!$%#*& + (the space character is between the ampersand and plus signs)
    • with the \w operator, the numerals 0-9, and the characters a-z (both upper and lower case)
    • within the curly brackets, the minimum and maximum number of characters (minimum 13, maximum 256)
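
    The following added example (not Spydus code) runs the pattern quoted above, with and without the space in the character class, over constructed sample passwords and reports why each one is accepted or rejected. It assumes the regex engine treats \w as [A-Za-z0-9_], as JavaScript does; the helper names parsePolicy, explain and report are hypothetical.

```javascript
// Added example, not Spydus code. Explains why a candidate password passes or
// fails a pattern of the shape ^[class]{min,max}$, as quoted in this topic.
// Assumption: the engine treats \w as [A-Za-z0-9_], as JavaScript does.
const WITH_SPACE = String.raw`^[-@./!$%#*& +\w]{13,256}$`;   // from this topic
const WITHOUT_SPACE = String.raw`^[-@./!$%#*&+\w]{13,256}$`; // constructed: space removed

// Split a ^[class]{min,max}$ pattern into a one-character test and its bounds.
function parsePolicy(pattern) {
  const m = /^\^\[(.+)\]\{(\d+),(\d+)\}\$$/.exec(pattern);
  if (!m) throw new Error("pattern is not of the form ^[class]{min,max}$");
  return { oneChar: new RegExp(`^[${m[1]}]$`), min: Number(m[2]), max: Number(m[3]) };
}

// Return the reasons a candidate is rejected; an empty array means accepted.
function explain(pattern, candidate) {
  const { oneChar, min, max } = parsePolicy(pattern);
  const chars = candidate.split(""); // code units, as the quantifier counts them
  const reasons = [];
  if (chars.length < min) reasons.push(`shorter than ${min}`);
  if (chars.length > max) reasons.push(`longer than ${max}`);
  const bad = [...new Set(chars.filter((c) => !oneChar.test(c)))];
  if (bad.length) reasons.push(`disallowed: ${JSON.stringify(bad.join(""))}`);
  return reasons;
}

// Constructed sample passwords, not taken from any real account.
const SAMPLES = [
  "correct horse battery",  // passphrase with spaces
  "snake_case_password1",   // the underscore is admitted by \w
  "Short pass 1!",          // exactly 13 characters
  "twelve chars",           // 12 characters
  "semi;colon password",    // ';' is not in the class
  " leading and trailing ", // edge spaces are accepted too
];

// Compare both patterns over every sample.
function report() {
  return SAMPLES.map((s) => ({
    candidate: s,
    withSpace: explain(WITH_SPACE, s),
    withoutSpace: explain(WITHOUT_SPACE, s),
  }));
}

for (const row of report()) console.log(JSON.stringify(row));
```

    A character class that contains a space also accepts passwords that begin or end with one.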

    Rules

    Minimum and maximum length

    The minimum and maximum number of characters that a password may contain. The minimum length is 1 and the maximum is 256.

    Check previous passwords

    When this is selected, Spydus will check the password history to ensure that the same password is not used consecutively. If this parameter is set to 3, a user may not re-use a password until three other/different passwords have been used.

    The maximum number of previous passwords that may be checked is 20.

    Must include uppercase/lowercase character(s)

    Select this to specify that at least one character in the password must be in the chosen case.

    Must include numeric characters

    Select this to specify that at least one character in the password must be a numeral.

    Must include non-alphanumeric character(s)

    Select this to specify that at least one character in the password must be a symbol or punctuation mark.

    Must not be the same as username or ID

    Select this to specify that the password must not be the same as the user's ID or username.

    Change Password

    This feature requires server version 10.2.6 and above. 

    Enable change password at first login

    Select this to specify that users must reset their password after logging in for the first time.

    The usual case is a new user who receives an assigned password on account creation; that password must be discarded and a new secure password chosen.
    Please contact Civica Support for assistance as commissioning is required.  

    Enable password expiry

    Select this to specify that user passwords will expire. If enabled, the Password expiry months/days must be set.

    Password expiry months/days

    Set the length of time before a password will expire.

    Password expiry months and Password expiry days are cumulative.

    Forbidden passwords

    This feature requires server version 10.1.6.12 or higher.

    Spydus can prevent commonly used, expected or compromised passwords from being chosen for staff and borrower accounts. Separate lists must be maintained for staff accounts and for borrowers.

    Passwords may be manually added to or deleted from the exclusion list, or added in bulk with a text file using the Upload function. The text file should be in .txt format, with a single password on each line separated by a carriage return.

    If a forbidden password is used when registering at the OPAC, the borrower will be registered, but will be assigned a temporary password.

    If a forbidden password is used when creating a staff user, creation will fail with the message Password is not allowed.

    Attempting to update an existing password to a forbidden password in the OPAC or staff interfaces will fail with the message Password is not allowed.