Using PINs in WebPAC
Patrons create their PINs in WebPAC. The PIN requirements differ depending on the Sierra version.
- Sierra 4.2 and Later
  - PINs are case-sensitive Unicode characters with a maximum length of 64 characters. PINs created in previous releases will behave according to the PIN restrictions listed below for Sierra 4.1 and earlier.
- Sierra 4.1 and Earlier
  - PINs can be up to eight alphanumeric characters; special characters are not supported. PINs are not case-sensitive.
    Although you can enter more than eight characters when creating a PIN, only the first eight characters are stored in the patron record and are used to identify the user during authentication.
Patron PINs must also satisfy the following requirements:
- The PIN cannot contain common trivial patterns. For example:
  - Consecutively repeating a character three or more times (for example, aaaa, aaaax7gp, x7gp3333).
  - Consecutively repeating a set of up to four characters two or more times (for example, abab, abcabc, abcdabcd, ababx7gp, x7gp3434).
- If the MIN_PIN_LENGTH Web option is set, the PIN must be at least as many characters as specified in the option.
- If the PIN_ALPHA_NUM Web option is set to "true", the PIN must be alphanumeric (for example, 6swan54).
- If the PIN_NUM_ONLY Web option is set to "true", the PIN must be numeric.
If the user enters a trivial PIN, the system displays the following error message:
Your PIN is not complex enough to be secure. Please select another one.
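The rules above can be modelled as a pre-check, for instance to test candidate PINs against a library's chosen option values before publishing PIN guidance to patrons. This is an added example, not Innovative's code. It assumes that "three or more times" means three or more consecutive occurrences, that a repeated "set" is 2 to 4 characters long, and that PIN_ALPHA_NUM requires both letters and digits (as in 6swan54). The function names and the `legacy` flag are hypothetical.

```python
import re

# Assumed readings of the documented rules (not Sierra's implementation):
RUN = re.compile(r"(.)\1{2,}")      # one character, three or more in a row
BLOCK = re.compile(r"(.{2,4})\1")   # a 2-4 character set immediately repeated


def is_trivial(pin):
    """True if the PIN contains one of the trivial patterns."""
    return bool(RUN.search(pin) or BLOCK.search(pin))


def effective_pin(pin, legacy=False):
    """Value used at login. Sierra 4.1 and earlier keeps only the first
    eight characters and ignores case; 4.2 and later keeps the PIN as typed."""
    return pin[:8].casefold() if legacy else pin


def check_pin(pin, min_length=0, alpha_num=False, num_only=False, legacy=False):
    """Return the list of violated rules; an empty list means accepted.
    min_length, alpha_num and num_only stand in for the MIN_PIN_LENGTH,
    PIN_ALPHA_NUM and PIN_NUM_ONLY Web options."""
    problems = []
    if legacy and not pin.isalnum():
        problems.append("special characters not supported")
    if not legacy and len(pin) > 64:
        problems.append("longer than 64 characters")
    if is_trivial(pin):
        problems.append("trivial pattern")
    if len(pin) < min_length:
        problems.append("shorter than MIN_PIN_LENGTH")
    has_both = any(c.isalpha() for c in pin) and any(c.isdecimal() for c in pin)
    if alpha_num and not (pin.isalnum() and has_both):
        problems.append("not alphanumeric")
    if num_only and not pin.isdecimal():
        problems.append("not numeric")
    return problems


if __name__ == "__main__":
    for candidate in ["aaaax7gp", "x7gp3434", "6swan54"]:
        print(candidate, check_pin(candidate, min_length=6, alpha_num=True))
    # Constructed pair: different as typed, identical after legacy truncation.
    print(effective_pin("Winter2024Abc", True) == effective_pin("WINTER20xyz", True))
```

The last line shows why the eight-character, case-insensitive storage in Sierra 4.1 and earlier matters: two PINs that look different to the patron are the same credential to the system.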
Sierra blocks access to the patron account after too many failed login attempts as follows:
- Sierra 6.3 and later -- The system blocks access when patrons reach the number of failed attempts defined by the PIN_RETRY_LIMIT Web option. This option also defines the length of time patrons are blocked.
- Sierra 6.2 and earlier -- The system blocks access for one minute after five failed attempts to log in with the same barcode in one minute.
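The Sierra 6.2 and earlier rule can be replayed over authentication events to see which barcodes would have been locked out and when, which is useful when reviewing login logs for guessing activity. This is an added example, not Sierra code. The event tuples are constructed sample data, and the model assumes that attempts made while a barcode is blocked are refused without being counted.

```python
from collections import defaultdict, deque

# Sierra 6.2 and earlier, per the text above: five failed attempts with the
# same barcode in one minute block access for one minute.
LIMIT, WINDOW, BLOCK_SECS = 5, 60, 60


def replay(events):
    """events: (seconds, barcode, ok) tuples in time order.
    Returns one (barcode, blocked_from, blocked_until) tuple per lockout."""
    failures = defaultdict(deque)   # barcode -> timestamps of recent failures
    blocked_until = {}
    lockouts = []
    for t, barcode, ok in events:
        if t < blocked_until.get(barcode, 0):
            continue                # assumption: refused and not counted
        if ok:
            continue
        recent = failures[barcode]
        recent.append(t)
        while t - recent[0] >= WINDOW:
            recent.popleft()        # drop failures older than one minute
        if len(recent) >= LIMIT:
            blocked_until[barcode] = t + BLOCK_SECS
            lockouts.append((barcode, t, t + BLOCK_SECS))
            recent.clear()
    return lockouts


# Constructed sample: barcode A fails five times within 40 seconds;
# barcode B fails five times spread over more than two minutes.
SAMPLE = sorted(
    [(t, "A-0001", False) for t in (0, 10, 20, 30, 40, 50)]
    + [(t, "B-0002", False) for t in (0, 30, 70, 100, 130)]
    + [(105, "A-0001", True)]
)

if __name__ == "__main__":
    for barcode, start, end in replay(SAMPLE):
        print(f"{barcode} blocked from t={start}s until t={end}s")
```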
When the patron fails to validate, the system returns a generic error message and does not specify if the validation failed on name, barcode, or PIN.
Creating PINs in the WebPAC
To create a PIN in the WebPAC for a patron account that has no PIN:
- Click Login. The Login Form displays.
- In the Login Form, enter the user name and either the library card number or patron ID number in the appropriate fields. Leave the "Enter Your PIN" field blank.
- Click Login. WebPAC displays a new Login Form with the message, "Please enter a new PIN."
- Re-enter the username and library card number, and enter a new PIN in the "Enter Your PIN" and "Enter Your PIN Again" fields.
- Click Login.
Resetting PINs in the WebPAC Using the View Your Patron Record Display
Patrons who are logged in to the WebPAC can reset their PINs from the Patron Record Display. Clicking Modify PIN displays the newpin.html Web form pop-up window. For example:
Resetting PINs in the WebPAC Using the Patron Verification Form
SAML-based authentication has a similar process for resetting PINs, but does not use the Web forms below.
Patrons who are not logged in to the WebPAC can reset their forgotten or compromised PINs by selecting the Forgot your PIN? link on any patron verification form. For example:
The link enabling patrons to reset their PINs is controlled by the <!--{pinresetrequest}--> token, shown above. Clicking the link displays the Request a PIN Reset form. For example:
From this form, patrons enter a non-PIN validation. You can customize this form by editing the pinreset_request.html Web form.
If the patron successfully validates, WebPAC displays the PIN Request Confirmation form. This form's display is controlled by the pinreset_request_success.html Web form.
The system also sends an email to the patron's email address with an informational message and a URL to the Reset PIN form. For example:
The library received a request to allow you to reset your Personal Identification Number (PIN) used to log in. If you did not place that request, please ignore this message. Your PIN has not changed.

Otherwise, please click the link below to choose a new PIN.

http://lib.cat.edu/pinreset~S2?info=b763c0ad96a2b9c3f99f3c81276c52269bf7f302a0565e93f0b429d32e28ecaed6f6f11f4a49caa1

This link is valid for 3 hours from the time of your request.
Email properties are controlled by the PIN_RESET_EMAIL Web option and the pinreset_email.html customizable Web form.
From the link in the notification email, users can access the Reset a PIN form. For example:
From this form, the system prompts the user to validate against the patron record again. The system matches validation against the patron record and the validation entered on the Reset PIN form before resetting the PIN. The form's display is controlled by the pinreset.html Web form.
Setting Up Reset a PIN Functionality
To enable WebPAC to allow patrons to reset their PINs, complete the following system configurations:
- Set the PIN_RESET Web option to "true".
- Set the PIN_RESET_EMAIL Web option using valid system email addresses.
  The PIN_RESET_EMAIL Web option controls the subject line, the From: address, and the Reply To: address in the system-generated email. The From: address is required. You can customize the body of the notification email by editing the pinreset_email.html Web form.
- Add the <!--{pinresetrequest}--> token to any appropriate patron verification forms on your system.
- Customize your ICON_PIN_RESET Web option, as needed.
- Customize the following Web forms, as needed:
- Customize your Users Messages Configuration file, as needed.