Starting with ILLiad 9.0, sites can set password requirements for staff using the StaffPasswordComplexity key. Existing sites will have this key set to .* to preserve existing functionality, but new installations will default to a complex password rule requiring at least 8 characters, including an uppercase letter, a lowercase letter, and a number. The Staff Manager has an override: when a password does not meet the specified requirements, it prompts 'Password does not meet requirements. Would you still like to set the password?'

Default Password Requirement

To require at least eight characters with at least one lowercase letter, one uppercase letter, and one number, the following regular expression should be entered as the value for the StaffPasswordComplexity key:


With the ILLiad default password requirement, passwords must contain:

  • At least 8 characters
  • At least 1 lowercase letter
  • At least 1 uppercase letter
  • At least 1 number

Setting the Password Requirement

To set the default validation rule for Staff passwords:

  1. Open the ILLiad Customization Manager.
  2. Navigate to System | General.
  3. Locate the StaffPasswordComplexity key.
  4. Change the value to ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$
  5. Click Save.


Editing the Password Requirement

The default Staff password requirement can be edited to fit specific institution needs. This is done by simply editing the regular expression that sets the password requirement.

See Testing Regular Expressions for more information about regular expressions.

  1. Navigate to System | General in the ILLiad Customization Manager.
  2. Locate the StaffPasswordComplexity key.
  3. Change the value to the regular expression you want to use.
  4. Click Save.


Password Examples

The default requirement above (^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$) breaks down roughly as:

  • A ^ and $ character to indicate the beginning and end of the text.
  • A series of (?=.*#character class#) elements, which look ahead to make sure at least some part of the text matches the given #character class#, which includes
    • \d - any number
    • [a-z] - any lowercase letter
    • [A-Z] - any uppercase letter
  • .{8,} to ensure the text is at least eight characters.
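
The breakdown above can be checked before saving a rule. This is an added example, not part of the ILLiad documentation: it runs the page's default rule and the legacy .* value over constructed sample passwords and reports which listed requirement each one fails. It assumes the key is applied as an unanchored regular-expression match and that Python's re module agrees with ILLiad's regex engine for these patterns; the function names are hypothetical.

```python
import re

# Values taken from the page.
DEFAULT_RULE = r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$"
LEGACY_RULE = r".*"        # value kept on existing sites
MAX_RULE_LENGTH = 255      # limit the page states for web validation fields

# The default rule split into the parts the breakdown lists.
COMPONENTS = [
    ("at least 1 number", r"^(?=.*\d)"),
    ("at least 1 lowercase letter", r"^(?=.*[a-z])"),
    ("at least 1 uppercase letter", r"^(?=.*[A-Z])"),
    ("at least 8 characters", r"^.{8,}$"),
]

def accepts(rule, password):
    """True if the rule matches the password (assumed: unanchored search)."""
    return re.search(rule, password) is not None

def failed_requirements(password):
    """Names of the default rule's requirements the password does not meet."""
    return [name for name, part in COMPONENTS if not accepts(part, password)]

def rule_fits(rule):
    """True if the rule is within the 255-character limit."""
    return len(rule) <= MAX_RULE_LENGTH

# Constructed sample passwords, not real credentials.
SAMPLES = ["", "password", "Passw0rd", "PASSWORD1", "Ab1", "correct Horse 7"]

if __name__ == "__main__":
    print("default rule fits length limit:", rule_fits(DEFAULT_RULE))
    for pw in SAMPLES:
        default_ok = accepts(DEFAULT_RULE, pw)
        legacy_ok = accepts(LEGACY_RULE, pw)
        print(f"{pw!r:20} default={default_ok!s:5} legacy={legacy_ok!s:5} "
              f"fails={failed_requirements(pw)}")
```

The legacy .* value accepts every sample, including the empty string, so sites upgraded from earlier versions get no complexity check until the key is changed.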


Here are some examples of common complexity requirements expressed as regular expressions. When designing your regular expressions, remember that the web validation fields cannot exceed 255 characters, and remember to change the rule for both the registration and the change password forms.

Require at least eight characters with at least one letter, one number, and one symbol
Require between 8 and 20 characters with at least one letter and one number
Require at least 10 characters
Requires a password of at least eight characters with characters coming from at least two of the following three groups: letters, numbers, and symbols.
