To set up the password rules for borrowers:
To set up the password rules for Spydus users:
Select this option if you're using password rules.
There are four modes to choose from.
To allow space characters in passwords in server versions prior to 10.6.1, the regular expression in Update Details Parameters and Register Online Parameters must be updated to reflect that spaces are allowed.
e.g. where the regular expression (within single quotes) contains '^[-@./!$%#*& +\w]{13,256}$', it allows:
The minimum and maximum number of characters that a password may contain. The minimum length is 1 and the maximum is 256.
When this is selected, Spydus will check the password history to ensure that the same password is not used consecutively. If this parameter is set to 3, a user may not re-use a password until three other/different passwords have been used.
The maximum number of previous passwords that may be checked is 20.
Select this to specify that at least one character in the password must be in the chosen case.
Select this to specify that at least one character in the password must be a numeral.
Select this to specify that at least one character in the password must be a symbol or punctuation mark.
Select this to specify that the password must not be the same as the user's ID or username.
This feature requires server version 10.2.6 and above. |
Select this to specify that users must reset their password after logging in for the first time.
The usual case for this would be a new user receiving an assigned password on account creation which must be discarded, and a new secure password chosen. |
Please contact Civica Support for assistance as commissioning is required. |
Select this to specify that user passwords will expire. If enabled the Password expiry months/days must be set.
Set the length of time before a password will expire.
This feature requires server version 10.1.6.12 or higher.
Spydus can prevent commonly used, expected or compromised passwords from being chosen for staff and borrower accounts. Separate lists must be maintained for staff accounts and for borrowers.
Passwords may be manually added to or deleted from the exclusion list, or added in bulk with a text file using the Upload function. The text file should be in .txt format, with a single password on each line separated by a carriage return.
If a forbidden password is used when registering at the OPAC, the borrower will be be registered, but will be assigned a temporary password.
If a forbidden password is used when creating a staff user, creation will fail with the message Password is not allowed.
Attempting to update an existing password to a forbidden password in the OPAC or staff interfaces will fail with the message Password is not allowed.