Configure password policies

Note: Password policies apply to Destiny and Destiny Discover. The configuration for password policies is conducted in Destiny.

If you want to increase the security for your district, you can configure Destiny to enforce a strict password policy. You can require a strong password, establish a password expiration date, and lock out users based on a number of unsuccessful login attempts. These last settings are also an effective defense against automated password discovery tools.

1. Log in as a Destiny Administrator.
2. Select Setup > District Options.
3. Next to Password Policies, click Edit.
4. To require patrons to enter a password that is a minimum of 8 characters in length and includes both alpha and numeric characters, select the Strong password required checkbox.
   

   note: The default policy allows the password to be any length and use any characters. Setting up strong passwords does not invalidate any existing weak passwords.

5. To require patrons to change their passwords periodically, enter the number of days after which a password expires in the Login expires field.
   
6. To set the maximum number of unsuccessful login attempts, select a number from the Login attempts allowed drop-down. Once this number is attempted, Destiny disables the user account for the length of the delay.
   
7. In the Login lockout delay drop-down, enter the number of minutes Destiny waits before allowing another login attempt for this user.
   

   Note: If you limit the number of login attempts, you must define the lockout delay time.

8. Click Save.

To eliminate any existing weak passwords, require all patrons to update theirs to a strong password, and set an expiration date. Once all the passwords are strong, you can delete or increase the expiration time so that patrons do not have to update them too frequently.