Better account security: password expiry and reset in Koha

By PTFS-Europe

24th April 2024 |

In this video, Aude talks about features first introduced in Koha 22.05 and 22.11 related to password expiry and reset. She explains how to ensure users change their password regularly by making their password expire after a defined period of time. She then discusses options available for password reset.

Koha account security

There are many options in Koha to help you and your colleagues increase the security of the data you hold. A big part of it will be making sure only the persons who are allowed to do so have access to the data. For the Koha staff interface, that can simply mean library staff need a password to login. But often you will want stronger protection than that: controlling password expiry and reset can be useful.

Other Koha features for better password security include:

Want more Koha tips? Check the other Koha-related articles on our blog.

How to use the password expiry and reset options

Note: all hyperlinks in this section point to the Koha manual.

Set your password expiry period in the patron category settings.

EnableExpiredPasswordReset system preference: to allow users to reset their password directly when they try to login, rather than them having to use the OPAC’s Forgot your password? link or ask another member of staff for help.

OpacResetPassword system preference: this is primarily used to allow users to change their password via an OPAC page. When enabled, the Forgot your password? link appears below the login form on the OPAC. Using it will trigger the PASSWORD_RESET notice which contains a link for the user to reset their password. The same system preference also makes a parallel option appear in the staff interface: in a user account, under the More button, staff can click “Send password reset”. This triggers the STAFF_PASSWORD_RESET notice which contains a link for the user to reset their password.

NotifyPasswordChange system preference: to notify the user that their password has just been updated. This acts as both a confirmation and an alert in case the user did not actually reset their password. The PASSWORD_CHANGE notice is used.

All notices text can be customised via Tools > Notices and slips.

Books in a hand - library data migration

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Better account security: password expiry and reset in Koha

Koha account security

How to use the password expiry and reset options

Koha Community Positions for the 24.11 Cycle

Koha Foundation Proposal

Need help? Chat to our team of experts today.