Tip for: 03.27.17 | Updated: 05.08.20

How strong is the password you use to log in to Alexandria? You aren’t going to have any mischievous 7th-grader guessing it and wreaking havoc on your collection, are you? Let’s take a look at some good password tips.

Picking a good password

In general, you want to choose a password that someone is not likely to guess, whether it’s ‘silverhorses’ or ‘112233cats’ etc. But as a librarian with access not only to your precious Alexandria catalog but also to numerous person records, you are responsible for the security of the database and of those patrons’ information. 

To choose a strong password, you want something that a) the 7th-grader can never guess, and b) hacking (password-guessing) software is going to have to work really, really hard for. These are similar but not the same goals. For example, the 7th-grader will never guess a random 5-digit string of numbers (or, it might take them thousands of tries), but 5 digits isn’t that long for a computer program to try every possibility. On the other hand, a program might take forever to guess ‘ilovebooks4ever’ but the 7th-grader might try that fairly early on. 

Some highly-recommended points for picking a good password:

1. Pick a long semi-random phrase, like ‘herdofsilverhorses’.
2. Add a number to really throw things off, e.g. ‘herdof30silverhorses’.
3. Add a symbol* to make things really fancy, e.g. ‘herdof30silverhorses!’.
4. Don’t write your password on a sticky note that you keep on your desk. (I recommend using password-management software.)

If you count that last iteration of my beautiful password, it’s 21 characters long. Yikes! That’s pretty secure. Usually 12–15 characters will keep you pretty safe. Anything above that and you are a super guardian of your domain.

*Most symbols are fine, but be aware that some login pages will see symbols in the password as part of their code, and then you get stuck out of your account. Not fun. So be sure to always test your password after you change it! In Alexandria we recommend any of the following: !@#$%^&*-=+.,

Changing your password in Alexandria

You can change your own password in Alexandria through Researcher:

• In v7, log into Search. Go to Patron Status by either clicking on the Patron Status icon  at the top of the page or appending /status to the end of your URL. From Patron Status, click the Account tab and unlock  the page. Fill out both New Password fields, and click Save when you're done.

• In v6, log in to Researcher, then click on your name to go to Patron Status. Click Change Password and fill out the Old Password, New Password, and Confirm Password fields. Click Save when you're done.
  
  

You, as the librarian, can also change passwords through Patrons Management:

• In v7, unlock the patron record and enter the new password in the Password and Confirm Password fields on the Access tab. Click Save.

• In v6, you'll need to click on Reset Password. 

Don’t forget to check with your aides to ensure they also have appropriate passwords!

Password Requirements in v7

As of 7.16.2, you can set password requirements for your staff and patrons. Go to Security, and the Account tab. (This used to be the Researcher tab.) There is now an option for Password Strength.

When set, patron passwords entered in Patron Management or Patron Status are required to fit the following guidelines:
Weak Passwords: Minimum length of 6 characters.
Regular Passwords: Minimum length of 8 characters, with at least one letter (a-z) and one number (0-9).
Strong Passwords: Minimum length of 10 characters, with at least one letter (a-z), one number (0-9), and one symbol (!@#$%^&*-=+.,).

This means you can require your patrons to have basic password security (of a weak strength), but require your librarians and administrators to have stronger passwords.

Carry on, fearless guardian!

See also https://xkcd.com/936/