Use password rules

Select this option if you're using password rules.

When the password rules are being used, borrowers who register online (or change/reset their password online) must enter a password that meets the criteria specified in the rules. If they don’t enter a password then one will be generated automatically.

Password mode

There are four modes to choose from.

Alpha only - Passwords must contain only alphabetic characters.
Numeric only - passwords must contain only numeric characters.
Alphanumeric - passwords may contain either alphabetic OR numeric characters.
Both alpha and numeric - passwords must contain both alphabetic AND numeric characters.

To allow space characters in passwords in server versions prior to 10.6.1, the regular expression in Update Details Parameters and Register Online Parameters must be updated to reflect that spaces are allowed.

e.g. where the regular expression (within single quotes) contains '^[-@./!$%#*& +\w]{13,256}$', it allows:

the listed special characters ^[-@./!$%#*& + (the space character is between the ampersand and plus signs)
with the \w operator, the numerals 0-9, and the characters a-z (both upper and lower case)
within the curly brackets, the minimum and maximum characters (minimum 13, maximum 256)

Rules

Minimum and maximum length

The minimum and maximum number of characters that a password may contain. The minimum length is 1 and the maximum is 256.

Check previous passwords

When this is selected, Spydus will check the password history to ensure that the same password is not used consecutively. If this parameter is set to 3, a user may not re-use a password until three other/different passwords have been used.

The maximum number of previous passwords that may be checked is 20.

Must include uppercase/lowercase character(s)

Select this to specify that at least one character in the password must be in the chosen case.

Must include numeric characters

Select this to specify that at least one character in the password must be a numeral.

Must include non-alphanumeric character(s)

Select this to specify that at least one character in the password must be a symbol or punctuation mark.

Must not the be the same as username or ID

Select this to specify that the password must not be the same as the user's ID or username.

Change Password

This feature requires server version 10.2.6 and above.

Enable change password at first login

Select this to specify that users must reset their password after logging in for the first time.

The usual case for this would be a new user receiving an assigned password on account creation which must be discarded, and a new secure password chosen.

Please contact Civica Support for assistance as commissioning is required.

Enable password expiry

Select this to specify that user passwords will expire. If enabled the Password expiry months/days must be set.

Password expiry months/days

Set the length of time before a password will expire.

Password expiry months and Password expiry days are cumulative.

Forbidden passwords

This feature requires server version 10.1.6.12 or higher.

Spydus can prevent commonly used, expected or compromised passwords from being chosen for staff and borrower accounts. Separate lists must be maintained for staff accounts and for borrowers.

Passwords may be manually added to or deleted from the exclusion list, or added in bulk with a text file using the Upload function. The text file should be in .txt format, with a single password on each line separated by a carriage return.

If a forbidden password is used when registering at the OPAC, the borrower will be be registered, but will be assigned a temporary password.

If a forbidden password is used when creating a staff user, creation will fail with the message Password is not allowed.

Attempting to update an existing password to a forbidden password in the OPAC or staff interfaces will fail with the message Password is not allowed.