New System Preference : RequireStrongPassword
This post covers Require Strong Password, a new system preference introduced in Koha 17.11. When it is turned on, any patron or staff password being set must meet the minimum password length (set by a system preference) and include 1 lowercase letter, 1 uppercase letter and 1 digit.
Many places throughout Koha are affected by this change, and it is good to see what they will look like for your library and patrons: editing a patron, changing the password of a patron, a patron changing their password on the OPAC, a patron resetting their password on the OPAC, and the Self Registration feature. Each of these functions is explained below; which ones apply depends on whether specific system preferences are set up on your library’s Koha.
Editing / Changing Patron's Password
When editing a patron's password in their account on the Staff side, upon opening Change Password, there is no indication that requirements apply, but as the staff member starts to type, a message appears in red:
Passwords must contain 4 characters. Upper Case, Lowercase and Numbers.
The option “Click to fill with a randomly generated suggestion” still works. With this system preference set, the staff member must enter a password that fits the criteria to be able to save it.
Adding a New Patron
The process is the same for adding a new patron. As the staff member types in a password, Koha alerts them about the complexity of the password.
If the system preference minpassword requires more than 4, the complexity check and messages change to let the staff member or patron know that x number of letters are required.
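The rule described above (minimum length plus a lowercase letter, an uppercase letter and a digit), sketched as an added example; this is not Koha's own code. The function names, failure codes and sample passwords are hypothetical, and treating the character classes as ASCII-only is an assumption.

```javascript
// Added example, not Koha's implementation. Names and codes are hypothetical.
// Assumption: lowercase, uppercase and digit are checked as ASCII classes.
const RULES = [
  { code: 'no_lowercase', test: (pw) => /[a-z]/.test(pw) },
  { code: 'no_uppercase', test: (pw) => /[A-Z]/.test(pw) },
  { code: 'no_digit', test: (pw) => /[0-9]/.test(pw) },
];

// Returns every unmet requirement, so the same check can drive both the
// as-you-type message and the check made after the form is submitted.
function checkStrongPassword(password, minLength = 4) {
  if (typeof password !== 'string') {
    return { ok: false, failures: ['not_a_string'] };
  }
  const failures = [];
  // Count code points rather than UTF-16 units.
  if (Array.from(password).length < minLength) failures.push('too_short');
  for (const rule of RULES) {
    if (!rule.test(password)) failures.push(rule.code);
  }
  return { ok: failures.length === 0, failures };
}

// Turns the failure codes into one readable line for the person typing.
function describeFailures(result, minLength = 4) {
  if (result.ok) return '';
  const text = {
    not_a_string: 'a text value',
    too_short: `at least ${minLength} characters`,
    no_lowercase: 'a lowercase letter',
    no_uppercase: 'an uppercase letter',
    no_digit: 'a digit',
  };
  return 'Password needs: ' + result.failures.map((f) => text[f]).join(', ');
}

// Constructed sample passwords, for illustration only.
const SAMPLES = ['abcd', 'Abc1', 'ABCDEFG1', 'Ab1', 'Summer2018'];

// Which samples pass for a given minimum length setting?
function auditSamples(minLength) {
  return SAMPLES.filter((pw) => checkStrongPassword(pw, minLength).ok);
}

console.log(auditSamples(4));
console.log(auditSamples(8));
console.log(describeFailures(checkStrongPassword('abcd', 4), 4));
```

With the minimum length at 4, a string as short as Abc1 meets every requirement, so the minimum length setting carries most of the weight of this policy.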
Patron Side on the OPAC
If the system preference OPACpasswordchange is set to Allow, patrons have the ability to change their own password on the OPAC.
The Patron Summary on the OPAC has a “Change your Password” tab. The patron must enter their current password and the new password (2x). As in the staff client, the message about the complexity of the password appears as the patron starts typing. The OPAC does not have the link to autogenerate a password.
Patron OPAC- Forgot Password
If your system preference called OPACresetPassword is set to allow, the patron can click “Forgot your Password” from the OPAC.
If the patron forgets their password, they get a recovery email with a link. The patron clicks the link and is brought to an OPAC screen to create a new password. Unlike the other ways, the patron is not shown a message about the “complexity” of the password until they submit a password that is not complex enough. They receive this message:
Then the patron understands that there are requirements when creating a password.
Read more by Kelly McElligott