Re: [OPEN-ILS-GENERAL] user passwords for accounts - default?
Kathy, That is what I believe is happening now when you register a new user. But that is a random number. But the instructions on the web page say use your phone number. That is incorrect. And what I really want to know, is instead of generating a random number for each newly registered user, is there a way to auto populate the field with the SAME standard generic password. That way, when we personally register a new student, we can tell them this is your generic password so they can then go on the system to change it themselves. We would of course NOT post those instructions on the web site or opac. We also hope to be auto-loading our student records sometime soon. So in that process, can we fill in the SAME starter password for each new user record when the system uploads all of their other data?Does the system automatically generate a random password whenever a new record is created? Can we have it copy their barcode over to that field? Thanks! Jennifer -- Jennifer Walz, MLS - ILS Mysterium Kinlaw Library - Asbury University One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlw...@asbury.edu From: Open-ils-general [mailto:open-ils-general-boun...@list.georgialibraries.org] On Behalf Of Kathy Lussier Sent: Tuesday, February 03, 2015 5:14 PM To: open-ils-general@list.georgialibraries.org Subject: Re: [OPEN-ILS-GENERAL] user passwords for accounts - default? Hi Jennifer, Another possible approach is to use a randomly-generated password when creating the account and then instructing users to use the Create or reset your password link on the My Account page to reset their password on the first login. The advantage to this method is users can then create their own passwords, which is a bit more secure than using a phone number or another number that might be easily obtained. Kathy On 02/03/2015 11:17 AM, Walz, Jennifer wrote: All - Ok. I do appreciate that Evergreen has built in security measures. They are very good. However, I am unclear about how we can change some of those settings to better match our needs. It appears to me that the default for user accounts passwords is the last 4 digits of the patron phone number. But we don't enter a phone number most of the time. We use email as the required field instead. Phone number is not required on the patron registration form. So, then how do patrons know what their password is in order to access their account through the opac interface? Is there a way that we can set a default generic password to be populated into the patron registration form? We had that on our previous system and we could then tell all students to use that and then change their password after they got into their account.How do we make this work in Evergreen?How do students get into their account if they don't know what the password is? Secondary issue: And I am assuming that somewhere in the templates we can change the language of the prompt for the opac webpage? Right now it tells patrons to use the last 4 digits of their phone number - which is wrong information.Can someone tell me where that text is so I can change it? Thanks! Jennifer -- Jennifer Walz, MLS - Head of ILS madness Kinlaw Library - Asbury University One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlw...@asbury.edumailto:jlw...@asbury.edu -- Kathy Lussier Project Coordinator Massachusetts Library Network Cooperative (508) 343-0128 kluss...@masslnc.orgmailto:kluss...@masslnc.org Twitter: http://www.twitter.com/kmlussier
Re: [OPEN-ILS-GENERAL] user passwords for accounts - default?
I don't know of a trivial way to do so. If you have someone willing to dig into the code I suspect that's probably set in the staff client though there might be something else that writes something in in the case of a null (it can't be null in the database). I haven't looked, so this is just me thinking about it. I suspect that this is doable but not without someone comfortable with it digging into a bit of Evergreen's guts and spending some time on it. On Wed, Feb 4, 2015 at 4:00 PM, Walz, Jennifer jlw...@asbury.edu wrote: Kathy, That is what I believe is happening now when you register a new user. But that is a random number. But the instructions on the web page say use your phone number. That is incorrect. And what I really want to know, is instead of generating a random number for each newly registered user, is there a way to auto populate the field with the SAME standard generic password. That way, when we personally register a new student, we can tell them “this is your generic password” so they can then go on the system to change it themselves.We would of course NOT post those instructions on the web site or opac. We also hope to be auto-loading our student records sometime soon. So in that process, can we fill in the SAME starter password for each new user record when the system uploads all of their other data?Does the system automatically generate a random password whenever a new record is created? Can we have it copy their barcode over to that field? Thanks! Jennifer -- Jennifer Walz, MLS – ILS Mysterium Kinlaw Library - *Asbury University* One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlw...@asbury.edu *From:* Open-ils-general [mailto: open-ils-general-boun...@list.georgialibraries.org] *On Behalf Of *Kathy Lussier *Sent:* Tuesday, February 03, 2015 5:14 PM *To:* open-ils-general@list.georgialibraries.org *Subject:* Re: [OPEN-ILS-GENERAL] user passwords for accounts - default? Hi Jennifer, Another possible approach is to use a randomly-generated password when creating the account and then instructing users to use the Create or reset your password link on the My Account page to reset their password on the first login. The advantage to this method is users can then create their own passwords, which is a bit more secure than using a phone number or another number that might be easily obtained. Kathy On 02/03/2015 11:17 AM, Walz, Jennifer wrote: All – Ok. I do appreciate that Evergreen has built in security measures. They are very good. However, I am unclear about how we can change some of those settings to better match our needs. It appears to me that the default for user accounts passwords is the last 4 digits of the patron phone number. But we don’t enter a phone number most of the time. We use email as the required field instead. Phone number is not required on the patron registration form. So, then how do patrons know what their password is in order to access their account through the opac interface? Is there a way that we can set a default generic password to be populated into the patron registration form? We had that on our previous system and we could then tell all students to use that and then change their password after they got into their account. How do we make this work in Evergreen?How do students get into their account if they don’t know what the password is? Secondary issue: And I am assuming that somewhere in the templates we can change the language of the prompt for the opac webpage? Right now it tells patrons to use the last 4 digits of their phone number – which is wrong information.Can someone tell me where that text is so I can change it? Thanks! Jennifer -- Jennifer Walz, MLS - Head of ILS madness Kinlaw Library - *Asbury University* One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlw...@asbury.edu -- Kathy Lussier Project Coordinator Massachusetts Library Network Cooperative (508) 343-0128 kluss...@masslnc.org Twitter: http://www.twitter.com/kmlussier -- Rogan Hamby, MLS, CCNP, MIA Managers Headquarters Library and Reference Services, York County Library System “You can never get a cup of tea large enough or a book long enough to suit me.” ― C.S. Lewis http://www.goodreads.com/author/show/1069006.C_S_Lewis
Re: [OPEN-ILS-GENERAL] user passwords for accounts - default?
Jennifer, I was just looking into how our EG is set to use the student ID as their password. When we migrated we hired ESI and they gave me some Postgres stored procedures that I use to batch load patrons. As part of this process I use to load the students I create a temporary table with some required fields, and I load the new student data into that table. That temporary table has some very obvious fields, like first name, last name, and password. When I configure how to load a CSV file of students into that temporary table, I make sure to load the student number into both the password field and a field called ident_value. The ident_value field is displayed as the patron's ID or primary identification in the EG client. I take a couple other steps, but I hope this starts to explain how we do it. In your case, if you are batch loading students just load the barcode value into both the barcode field and the password field. Though, the password field and the barcode fields live in two separate tables in the EG DB, I am sure it can be done with some research and practice. I suspect other academic libraries use their own homegrown process for batch loading their patrons that do not use the ESI stored procedures. I would like to store different approaches on the wiki for reference. Good luck, Yamil On Wed, Feb 4, 2015 at 5:03 PM, Rogan Hamby rogan.ha...@yclibrary.net wrote: I don't know of a trivial way to do so. If you have someone willing to dig into the code I suspect that's probably set in the staff client though there might be something else that writes something in in the case of a null (it can't be null in the database). I haven't looked, so this is just me thinking about it. I suspect that this is doable but not without someone comfortable with it digging into a bit of Evergreen's guts and spending some time on it. On Wed, Feb 4, 2015 at 4:00 PM, Walz, Jennifer jlw...@asbury.edu wrote: Kathy, That is what I believe is happening now when you register a new user. But that is a random number. But the instructions on the web page say use your phone number. That is incorrect. And what I really want to know, is instead of generating a random number for each newly registered user, is there a way to auto populate the field with the SAME standard generic password. That way, when we personally register a new student, we can tell them “this is your generic password” so they can then go on the system to change it themselves.We would of course NOT post those instructions on the web site or opac. We also hope to be auto-loading our student records sometime soon. So in that process, can we fill in the SAME starter password for each new user record when the system uploads all of their other data?Does the system automatically generate a random password whenever a new record is created? Can we have it copy their barcode over to that field? Thanks! Jennifer -- Jennifer Walz, MLS – ILS Mysterium Kinlaw Library - Asbury University One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlw...@asbury.edu From: Open-ils-general [mailto:open-ils-general-boun...@list.georgialibraries.org] On Behalf Of Kathy Lussier Sent: Tuesday, February 03, 2015 5:14 PM To: open-ils-general@list.georgialibraries.org Subject: Re: [OPEN-ILS-GENERAL] user passwords for accounts - default? Hi Jennifer, Another possible approach is to use a randomly-generated password when creating the account and then instructing users to use the Create or reset your password link on the My Account page to reset their password on the first login. The advantage to this method is users can then create their own passwords, which is a bit more secure than using a phone number or another number that might be easily obtained. Kathy On 02/03/2015 11:17 AM, Walz, Jennifer wrote: All – Ok. I do appreciate that Evergreen has built in security measures. They are very good. However, I am unclear about how we can change some of those settings to better match our needs. It appears to me that the default for user accounts passwords is the last 4 digits of the patron phone number. But we don’t enter a phone number most of the time. We use email as the required field instead. Phone number is not required on the patron registration form. So, then how do patrons know what their password is in order to access their account through the opac interface? Is there a way that we can set a default generic password to be populated into the patron registration form? We had that on our previous system and we could then tell all students to use that and then change their password after they got into their account.How do we make this work in Evergreen?How do students get into their account if they don’t know what the password is? Secondary issue: And I am assuming that somewhere
Re: [OPEN-ILS-GENERAL] user passwords for accounts - default?
Hi Jennifer, When you load your student records, you can certainly load in anything you want into the password field. It is usually helpful to load in something that is unique to the student like their birth date or university ID. You could load in the same password for everyone, but that would lead to students knowing how to access other students accounts. If you register patrons by hand, then you can change the random password to something else. It's a few extra keystrokes, but will get you by until records are loaded for you. When we migrated our data, we loaded the same password into each record. It was a random string of 25 characters and we never told anyone what the password was. As long as the patron has a valid email address in their Evergreen record, then they can reset their password from the login screen. People who did not have an email address just had to ask the circulation staff to reset the password for them. For public libraries who don't load patron records, we had business cards printed up with 4-digit numbers on them. When registering a patron, libraries input the number on the next card and hand the card to the patron. That way they don't have to say out loud what the password is. The patron can then go change it to something else. -- Martha Driscoll Systems Manager North of Boston Library Exchange Danvers, Massachusetts www.noblenet.org On 2/4/2015 4:00 PM, Walz, Jennifer wrote: Kathy, That is what I believe is happening now when you register a new user. But that is a random number. But the instructions on the web page say use your phone number. That is incorrect. And what I really want to know, is instead of generating a random number for each newly registered user, is there a way to auto populate the field with the SAME standard generic password. That way, when we personally register a new student, we can tell them “this is your generic password” so they can then go on the system to change it themselves.We would of course NOT post those instructions on the web site or opac. We also hope to be auto-loading our student records sometime soon. So in that process, can we fill in the SAME starter password for each new user record when the system uploads all of their other data?Does the system automatically generate a random password whenever a new record is created? Can we have it copy their barcode over to that field? Thanks! Jennifer -- Jennifer Walz, MLS – ILS Mysterium Kinlaw Library - *Asbury University* One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlw...@asbury.edu *From:*Open-ils-general [mailto:open-ils-general-boun...@list.georgialibraries.org] *On Behalf Of *Kathy Lussier *Sent:* Tuesday, February 03, 2015 5:14 PM *To:* open-ils-general@list.georgialibraries.org *Subject:* Re: [OPEN-ILS-GENERAL] user passwords for accounts - default? Hi Jennifer, Another possible approach is to use a randomly-generated password when creating the account and then instructing users to use the Create or reset your password link on the My Account page to reset their password on the first login. The advantage to this method is users can then create their own passwords, which is a bit more secure than using a phone number or another number that might be easily obtained. Kathy On 02/03/2015 11:17 AM, Walz, Jennifer wrote: All – Ok. I do appreciate that Evergreen has built in security measures. They are very good. However, I am unclear about how we can change some of those settings to better match our needs. It appears to me that the default for user accounts passwords is the last 4 digits of the patron phone number. But we don’t enter a phone number most of the time. We use email as the required field instead. Phone number is not required on the patron registration form. So, then how do patrons know what their password is in order to access their account through the opac interface? Is there a way that we can set a default generic password to be populated into the patron registration form? We had that on our previous system and we could then tell all students to use that and then change their password after they got into their account.How do we make this work in Evergreen?How do students get into their account if they don’t know what the password is? Secondary issue: And I am assuming that somewhere in the templates we can change the language of the prompt for the opac webpage? Right now it tells patrons to use the last 4 digits of their phone number – which is wrong information. Can someone tell me where that text is so I can change it? Thanks! Jennifer -- Jennifer Walz, MLS - Head of ILS madness Kinlaw Library - *Asbury University* One Macklem Drive, Wilmore, KY
Re: [OPEN-ILS-GENERAL] user passwords for accounts - default?
Martha, That is very helpful! Thank you. I think maybe we will see if we can just load the duplicate of their barcode from their student id. Jennifer -- Jennifer Walz, MLS - ILS manager Kinlaw Library - Asbury University One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlw...@asbury.edu -Original Message- From: Open-ils-general [mailto:open-ils-general-boun...@list.georgialibraries.org] On Behalf Of Martha Driscoll Sent: Wednesday, February 04, 2015 5:28 PM To: open-ils-general@list.georgialibraries.org Subject: Re: [OPEN-ILS-GENERAL] user passwords for accounts - default? Hi Jennifer, When you load your student records, you can certainly load in anything you want into the password field. It is usually helpful to load in something that is unique to the student like their birth date or university ID. You could load in the same password for everyone, but that would lead to students knowing how to access other students accounts. If you register patrons by hand, then you can change the random password to something else. It's a few extra keystrokes, but will get you by until records are loaded for you. When we migrated our data, we loaded the same password into each record. It was a random string of 25 characters and we never told anyone what the password was. As long as the patron has a valid email address in their Evergreen record, then they can reset their password from the login screen. People who did not have an email address just had to ask the circulation staff to reset the password for them. For public libraries who don't load patron records, we had business cards printed up with 4-digit numbers on them. When registering a patron, libraries input the number on the next card and hand the card to the patron. That way they don't have to say out loud what the password is. The patron can then go change it to something else. -- Martha Driscoll Systems Manager North of Boston Library Exchange Danvers, Massachusetts www.noblenet.org On 2/4/2015 4:00 PM, Walz, Jennifer wrote: Kathy, That is what I believe is happening now when you register a new user. But that is a random number. But the instructions on the web page say use your phone number. That is incorrect. And what I really want to know, is instead of generating a random number for each newly registered user, is there a way to auto populate the field with the SAME standard generic password. That way, when we personally register a new student, we can tell them this is your generic password so they can then go on the system to change it themselves.We would of course NOT post those instructions on the web site or opac. We also hope to be auto-loading our student records sometime soon. So in that process, can we fill in the SAME starter password for each new user record when the system uploads all of their other data?Does the system automatically generate a random password whenever a new record is created? Can we have it copy their barcode over to that field? Thanks! Jennifer -- Jennifer Walz, MLS - ILS Mysterium Kinlaw Library - *Asbury University* One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlw...@asbury.edu *From:*Open-ils-general [mailto:open-ils-general-boun...@list.georgialibraries.org] *On Behalf Of *Kathy Lussier *Sent:* Tuesday, February 03, 2015 5:14 PM *To:* open-ils-general@list.georgialibraries.org *Subject:* Re: [OPEN-ILS-GENERAL] user passwords for accounts - default? Hi Jennifer, Another possible approach is to use a randomly-generated password when creating the account and then instructing users to use the Create or reset your password link on the My Account page to reset their password on the first login. The advantage to this method is users can then create their own passwords, which is a bit more secure than using a phone number or another number that might be easily obtained. Kathy On 02/03/2015 11:17 AM, Walz, Jennifer wrote: All - Ok. I do appreciate that Evergreen has built in security measures. They are very good. However, I am unclear about how we can change some of those settings to better match our needs. It appears to me that the default for user accounts passwords is the last 4 digits of the patron phone number. But we don't enter a phone number most of the time. We use email as the required field instead. Phone number is not required on the patron registration form. So, then how do patrons know what their password is in order to access their account through the opac interface? Is there a way that we can set a default generic password to be populated into the patron registration form? We had that on our previous system and we could then tell all students to use
Re: [OPEN-ILS-GENERAL] user passwords for accounts - default?
Only tangentially-related, but I would feel more comfortable supporting a feature like the one Jennifer described with one common password and would feel better about the phone number password that already exists as a feature in Evergreen if the catalog regained the ability to check for password strength at login. https://bugs.launchpad.net/evergreen/+bug/1013786 I understand the reasons behind providing a simple password at registration that is easy for users to remember, but we essentially are giving users a weak password. Although some users may take the initiative to change their passwords, I'm guessing many just stick with the password they are given. Forcing them to change their passwords upon the first login would allow us to provide a convenient, easy-to-remember password at registration while also ensuring that a stronger password is ultimately required to access the account. Kathy On 02/04/2015 07:06 PM, Walz, Jennifer wrote: Martha, That is very helpful! Thank you. I think maybe we will see if we can just load the duplicate of their barcode from their student id. Jennifer -- Jennifer Walz, MLS - ILS manager Kinlaw Library - Asbury University One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlw...@asbury.edu -Original Message- From: Open-ils-general [mailto:open-ils-general-boun...@list.georgialibraries.org] On Behalf Of Martha Driscoll Sent: Wednesday, February 04, 2015 5:28 PM To: open-ils-general@list.georgialibraries.org Subject: Re: [OPEN-ILS-GENERAL] user passwords for accounts - default? Hi Jennifer, When you load your student records, you can certainly load in anything you want into the password field. It is usually helpful to load in something that is unique to the student like their birth date or university ID. You could load in the same password for everyone, but that would lead to students knowing how to access other students accounts. If you register patrons by hand, then you can change the random password to something else. It's a few extra keystrokes, but will get you by until records are loaded for you. When we migrated our data, we loaded the same password into each record. It was a random string of 25 characters and we never told anyone what the password was. As long as the patron has a valid email address in their Evergreen record, then they can reset their password from the login screen. People who did not have an email address just had to ask the circulation staff to reset the password for them. For public libraries who don't load patron records, we had business cards printed up with 4-digit numbers on them. When registering a patron, libraries input the number on the next card and hand the card to the patron. That way they don't have to say out loud what the password is. The patron can then go change it to something else. -- Martha Driscoll Systems Manager North of Boston Library Exchange Danvers, Massachusetts www.noblenet.org On 2/4/2015 4:00 PM, Walz, Jennifer wrote: Kathy, That is what I believe is happening now when you register a new user. But that is a random number. But the instructions on the web page say use your phone number. That is incorrect. And what I really want to know, is instead of generating a random number for each newly registered user, is there a way to auto populate the field with the SAME standard generic password. That way, when we personally register a new student, we can tell them this is your generic password so they can then go on the system to change it themselves.We would of course NOT post those instructions on the web site or opac. We also hope to be auto-loading our student records sometime soon. So in that process, can we fill in the SAME starter password for each new user record when the system uploads all of their other data?Does the system automatically generate a random password whenever a new record is created? Can we have it copy their barcode over to that field? Thanks! Jennifer -- Jennifer Walz, MLS - ILS Mysterium Kinlaw Library - *Asbury University* One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlw...@asbury.edu *From:*Open-ils-general [mailto:open-ils-general-boun...@list.georgialibraries.org] *On Behalf Of *Kathy Lussier *Sent:* Tuesday, February 03, 2015 5:14 PM *To:* open-ils-general@list.georgialibraries.org *Subject:* Re: [OPEN-ILS-GENERAL] user passwords for accounts - default? Hi Jennifer, Another possible approach is to use a randomly-generated password when creating the account and then instructing users to use the Create or reset your password link on the My Account page to reset their password on the first login. The advantage to this method is users can then create their own passwords, which is a bit more secure than using a phone number or another number that might be easily obtained. Kathy
Re: [OPEN-ILS-GENERAL] user passwords for accounts - default?
Jeniffer, I work at an academic library an we have set up EG to use our student's ID numbers as the default password, though I don't remember right now how it was done by ESI. I remember it being something simple, I am sure somebody else here knows how. We then customized 3 TPAC templates files to make the login form explain to students how to log in. The files are found in this directory, in a typical EG install /openils/var/templates/opac/parts/login/ 1) form.tt2- this file lets you customize most of the login form 2) help.tt2- this file lets you customize the display of information on how patrons can get help with the form: Visit our FAQs section for answers to common questions about how to use your account. 3) password_hint.tt2- this file lets you customize the message concerning what their password is set to: If this is your first time logging in, please enter the last 4 digits of your phone number. Example: 0926 Good luck, Yamil On Tue, Feb 3, 2015 at 11:17 AM, Walz, Jennifer jlw...@asbury.edu wrote: All – Ok. I do appreciate that Evergreen has built in security measures. They are very good. However, I am unclear about how we can change some of those settings to better match our needs. It appears to me that the default for user accounts passwords is the last 4 digits of the patron phone number. But we don’t enter a phone number most of the time. We use email as the required field instead. Phone number is not required on the patron registration form. So, then how do patrons know what their password is in order to access their account through the opac interface? Is there a way that we can set a default generic password to be populated into the patron registration form? We had that on our previous system and we could then tell all students to use that and then change their password after they got into their account.How do we make this work in Evergreen?How do students get into their account if they don’t know what the password is? Secondary issue: And I am assuming that somewhere in the templates we can change the language of the prompt for the opac webpage? Right now it tells patrons to use the last 4 digits of their phone number – which is wrong information.Can someone tell me where that text is so I can change it? Thanks! Jennifer -- Jennifer Walz, MLS - Head of ILS madness Kinlaw Library - Asbury University One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlw...@asbury.edu -- Yamil Suarez, MCS Library System Administrator/Developer Stan Getz Library Berklee College of Music 1140 Boylston St Boston, MA 02215 ysua...@berklee.edu 617-747-2617
[OPEN-ILS-GENERAL] user passwords for accounts - default?
All - Ok. I do appreciate that Evergreen has built in security measures. They are very good. However, I am unclear about how we can change some of those settings to better match our needs. It appears to me that the default for user accounts passwords is the last 4 digits of the patron phone number. But we don't enter a phone number most of the time. We use email as the required field instead. Phone number is not required on the patron registration form. So, then how do patrons know what their password is in order to access their account through the opac interface? Is there a way that we can set a default generic password to be populated into the patron registration form? We had that on our previous system and we could then tell all students to use that and then change their password after they got into their account.How do we make this work in Evergreen?How do students get into their account if they don't know what the password is? Secondary issue: And I am assuming that somewhere in the templates we can change the language of the prompt for the opac webpage? Right now it tells patrons to use the last 4 digits of their phone number - which is wrong information.Can someone tell me where that text is so I can change it? Thanks! Jennifer -- Jennifer Walz, MLS - Head of ILS madness Kinlaw Library - Asbury University One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlw...@asbury.edu