Starting with Ares 4.6, sites can set password requirements for patrons using Ares authentication. New installations of Ares will contain this requirement by default. Those updating from an older version can set the password requirement manually in the Ares Customization Manager.
Default Password Requirement
The default validation rule for passwords requires at least eight characters with at least one lowercase letter, one uppercase letter, and one number, and is expressed by this regular expression:
^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$
With the Ares default password requirement, passwords must contain:
- At least 8 characters
- At least 1 lowercase letter
- At least 1 uppercase letter
- At least 1 number
Setting the Password Requirement
To set the default validation rule for Ares passwords:
- In the Ares Customization Manager, navigate to Web | Validation | WebValidation.
- Change the Validation Type field to RegEx.
- In the Validation field for password entries, change the value to ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$
- Click Save.
Editing the Password Requirement
The default password requirement can be edited to fit specific institution needs. This is done by simply editing the regular expression that sets the password requirement.
- Navigate to Web | Validation | WebValidation in the Ares Customization Manager.
- Double-click on the line you want to edit (Change Password or Registration).
- Make sure the Validation Type field is set to RegEx.
- Edit the Validation field.
- Click Save.
Password Examples
The default requirement above (^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$) breaks down roughly as:
- A ^ and $ character to indicate the beginning and end of the text.
- A series of (?=.*#character class#) elements, which look ahead to make sure at least some part of the text matches the given #character class#, which includes
- \d - any number
- [a-z]any lowercase number
- [A-Z]any uppercase number
- .{8,} to ensure the text is at least eight characters.
Here are some examples of some common complexity requirements expressed as regular expressions. Remember that the web validation fields cannot exceed 255 characters when designing your regular expressions, and to change the rule for both the registration and the change password forms.
Require at least eight characters with at least one letter, one number, and one symbol |
|
Require between 8 and 20 characters with at least one letter and one number |
|
Require at least 10 characters |
|
Requires a password of at least eight characters with characters coming from at least two of the following three groups: letters, numbers, and symbols. |
|