How helpful was this page?
General best practices
- Don't share passwords.
- Don't use generic passwords or shared operator accounts. Each user should have their own unique username and password.
- Consider using a secure password management program to avoid forgetting your login info, and to avoid having your password in obvious places (like a post-it note on your desk).
- Keep your operating system, browsers, and COMPanion program up-to-date (if you are cloud hosted with us then you don’t have to worry about the last one).
- ALWAYS add a valid and current email to an operator patron record so that the operator can recover their password if needed.
- Make sure to whitelist email@example.com, which is the email address any password reset emails will come from. This might need to be done by a district or facility IT team.
- Have a plan to access the district admin's password/email if they leave, or have a backup district admin user.
We recommend that you set a standard for secure passwords and train your team accordingly.
Here are some generally accepted password rules:
- It is not safe to use the same password on more than one site. If your password is hacked for one site, then it could be used to get into multiple sites. Reusing passwords is not secure.
- Create a password that is hard to guess, and doesn't contain personal information like your birthdate or phone number. A strong password should be easy for you to remember, but hard for anyone to guess or associate with you. Avoid using simple phrases, words, or patterns that are easy to guess.
- Remember that the longer a password is, the harder it is to hack.
- Follow these simple steps to keep your data (and yourself) safe.
Adding Operators is usually done by an admin, or someone who has greater security rights than the new operator being created.
Read through the step-by-step instructions for Adding Operators, or watch our training video below. Be sure the operator has an EMAIL, maybe even TWO, so they can always recover their password!
There are two possible scenarios for recovering a login or getting back into Alexandria; if you have an operator record with an email attached to it, or if you do not. We will cover both below.
If approved, a Support Team member will then issue a temporary password that is good for 24 hours.
With this temporary password, you can log in to Alexandria and follow these steps to reset the password:
Go to Patrons and select Advanced Search to bring up the patron profile with the login credentials and permissions. Once the patron record is displayed, click the Lock icon to unlock the record. Go to the Access tab and enter a new password, then click Save.
Please also be aware that our 24 hour temporary password does give the logged-in-user highest access to the program. It is wise to be sensitive with whom you are sharing these temporary credentials.
See also: Reset Patron Username and Password
The Approval process for temporary password issuance can be lengthy due to the detailed review requirements. This can take up to 2 or more business days processing based on the verification of the person requesting, and release of the temporary passwords.
COMPanion suggests regular audits of who has operator access to Alexandria, and if old operators should be removed. There are multiple security group levels; all may need to be cleaned up.