Aeon Standard: Password Authentication Requirements

Follow

Starting with Aeon 3.8, sites can set password requirements for patrons who are using Aeon authentication. New installations of Aeon will already contain this requirement. Sites updating from an older version can set the password requirement in the Aeon Customization Manager.

Default Password Requirement

The default validation rule for passwords now requires at least eight characters with at least one lowercase letter, one uppercase letter, and one number, and is expressed by this regular expression:

^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$

With the ILLiad default password requirement, passwords must contain:

  • At least 8 characters
  • At least 1 lowercase letter
  • At least 1 uppercase letter
  • At least 1 number

Setting the Password Requirement

To set the default validation rule for Aeon passwords:

  1. Open the Aeon Customization Manager.
  2. Navigate to Web Interface | Validation | WebValidation.
  3. In the Validation field, change the value to ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$
  4. Click Save.

Editing the Password Requirement

The default password requirement can be edited to fit specific institution needs. This is done by simply editing the regular expression that sets the password requirement.

See Testing Regular Expressions for more information about regular expressions.

  1. Navigate to Web Interface | Validation | WebValidation in the Aeon Customization Manager.
  2. Double-click on the line you want to edit (Change Password or Registration).
  3. Edit the Validation field.
  4. Click Save.

Password Examples

The default requirement above (^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$) breaks down roughly as:

  • A ^ and $ character to indicate the beginning and end of the text.
  • A series of (?=.*#character class#) elements, which look ahead to make sure at least some part of the text matches the given #character class#, which includes
    • \d - any number
    • [a-z]any lowercase number
    • [A-Z]any uppercase number
  • .{8,} to ensure the text is at least eight characters.

Here are some examples of some common complexity requirements expressed as regular expressions. Remember that the web validation fields cannot exceed 255 characters when designing your regular expressions, and to change the rule for both the registration and the change password forms.

Require at least eight characters with at least one letter, one number, and one symbol
^(?=.*\d)(?=.*[a-zA-Z])(?=.*\W).{8,}$
Require between 8 and 20 characters with at least one letter and one number
^(?=.*\d)(?=.*[a-zA-Z]).{8,20}$
Require at least 10 characters
^.{10,}$
Requires a password of at least eight characters with characters coming from at least two of the following three groups: letters, numbers, and symbols.
^((?=.*\d)(?=.*[a-zA-Z])|(?=.*\d)(?=.*\W)|
(?=.*[a-zA-Z])(?=.*\W)).{8,}$

 

 

0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.