Only tangentially-related, but I would feel more comfortable supporting a feature like the one Jennifer described with one common password and would feel better about the phone number password that already exists as a feature in Evergreen if the catalog regained the ability to check for password strength at login.

https://bugs.launchpad.net/evergreen/+bug/1013786

I understand the reasons behind providing a simple password at registration that is easy for users to remember, but we essentially are giving users a weak password. Although some users may take the initiative to change their passwords, I'm guessing many just stick with the password they are given. Forcing them to change their passwords upon the first login would allow us to provide a convenient, easy-to-remember password at registration while also ensuring that a stronger password is ultimately required to access the account.

Kathy

On 02/04/2015 07:06 PM, Walz, Jennifer wrote:
Martha,

  That is very helpful! Thank you. I think maybe we will see if we can just
load the duplicate of their barcode from their student id.

Jennifer
--------------------------------------------------
Jennifer Walz, MLS - ILS manager
Kinlaw Library -  Asbury University
One Macklem Drive, Wilmore, KY 40390
859-858-3511 ext. 2269
jlw...@asbury.edu

-----Original Message-----
From: Open-ils-general 
[mailto:open-ils-general-boun...@list.georgialibraries.org] On Behalf Of Martha 
Driscoll
Sent: Wednesday, February 04, 2015 5:28 PM
To: open-ils-general@list.georgialibraries.org
Subject: Re: [OPEN-ILS-GENERAL] user passwords for accounts - default?

Hi Jennifer,
When you load your student records, you can certainly load in anything you want 
into the password field.  It is usually helpful to load in something that is 
unique to the student like their birth date or university ID.  You could load 
in the same password for everyone, but that would lead to students knowing how 
to access other students' accounts.

If you register patrons by hand, then you can change the random password to 
something else.  It's a few extra keystrokes, but will get you by until records 
are loaded for you.

When we migrated our data, we loaded the same password into each record.
It was a random string of 25 characters and we never told anyone what the
password was.  As long as the patron has a valid email address in their
Evergreen record, then they can reset their password from the login screen.
People who did not have an email address just had to ask the circulation staff
to reset the password for them.

For public libraries who don't load patron records, we had business cards 
printed up with 4-digit numbers on them.  When registering a patron, libraries 
input the number on the next card and hand the card to the patron.  That way 
they don't have to say out loud what the password is.  The patron can then go 
change it to something else.

--
Martha Driscoll
Systems Manager
North of Boston Library Exchange
Danvers, Massachusetts
www.noblenet.org

On 2/4/2015 4:00 PM, Walz, Jennifer wrote:
Kathy,

That is what I believe is happening now when you register a new user.
But that is a random number. But the instructions on the web page
say use your phone number. That is incorrect. And what I really want
to know, is instead of generating a random number for each newly
registered user, is there a way to auto populate the field with the SAME
standard generic password. That way, when we personally register a new
student, we can tell them "this is your generic password" so they can
then go on the system to change it themselves. We would of course NOT
post those instructions on the web site or opac. We also hope to be
auto-loading our student records sometime soon. So in that process,
can we fill in the SAME starter password for each new user record when the
system uploads all of their other data? Does the system automatically
generate a random password whenever a new record is created? Can we
have it copy their barcode over to that field?

Thanks!

Jennifer

--------------------------------------------------
Jennifer Walz, MLS - ILS Mysterium
Kinlaw Library - Asbury University
One Macklem Drive, Wilmore, KY 40390
859-858-3511 ext. 2269
jlw...@asbury.edu

From: Open-ils-general
[mailto:open-ils-general-boun...@list.georgialibraries.org] On Behalf
Of Kathy Lussier
Sent: Tuesday, February 03, 2015 5:14 PM
To: open-ils-general@list.georgialibraries.org
Subject: Re: [OPEN-ILS-GENERAL] user passwords for accounts - default?

Hi Jennifer,

Another possible approach is to use a randomly-generated password when
creating the account and then instructing users to use the "Create or
reset your password" link on the "My Account" page to reset their
password on the first login. The advantage to this method is users can
then create their own passwords, which is a bit more secure than using
a phone number or another number that might be easily obtained.

Kathy

On 02/03/2015 11:17 AM, Walz, Jennifer wrote:

     All -

         Ok. I do appreciate that Evergreen has built in security
     measures. They are very good. However, I am unclear about how we
     can change some of those settings to better match our needs.

         It appears to me that the default for user account passwords is
     the last 4 digits of the patron phone number. But we don't enter a
     phone number most of the time. We use email as the required field
     instead. Phone number is not required on the patron registration
     form. So, then how do patrons know what their password is in order
     to access their account through the opac interface? Is there a
     way that we can set a default generic password to be populated into
     the patron registration form? We had that on our previous system
     and we could then tell all students to use that and then change
     their password after they got into their account. How do we make
     this work in Evergreen? How do students get into their account if
     they don't know what the password is?

     Secondary issue: And I am assuming that somewhere in the templates
     we can change the language of the prompt for the opac webpage?
     Right now it tells patrons to use the last 4 digits of their
     phone number - which is wrong information. Can someone tell me where
     that text is so I can change it?

     Thanks!

     Jennifer

     --------------------------------------------------
     Jennifer Walz, MLS - Head of ILS madness
     Kinlaw Library - Asbury University
     One Macklem Drive, Wilmore, KY 40390
     859-858-3511 ext. 2269
     jlw...@asbury.edu



--
Kathy Lussier
Project Coordinator
Massachusetts Library Network Cooperative
(508) 343-0128
kluss...@masslnc.org
Twitter: http://www.twitter.com/kmlussier


--
Kathy Lussier
Project Coordinator
Massachusetts Library Network Cooperative
(508) 343-0128
kluss...@masslnc.org
Twitter: http://www.twitter.com/kmlussier
