« Library patron records confidentiality? A proposed exception you could drive a truck through | Main | Sign up for online digital copyright course - class starts in late August »


It should be considered unconscionable for library technology providers, public library administrators, or public library boards to require weak passwords. If conscience doesn't kick in, the apprehension of legal exposure should.

A password (PIN) limited to four digits must be one of only ten thousand possible codes. Think how long it would take a determined individual to crack the password, even if he were to forego a brute force attack and merely use trial and error and guessing (certain subsets of the 10,000-code range set are more likely to contain authored passwords than are others), provided he had a patron's library account number. (Account numbers are not printed only on library cards; they may also be found on printouts of patron transactions, in correspondence, and sometimes on sign-in sheets, or may be read from terminal screens.) Potential risks to an individual from a stalker, identity thief, mischief-maker, or purposeful operative, while significant enough, are not all that we should be concerned about.

When library account numbers for a library system run sequentially, any valid account number can serve as a starting point. An encroacher could move through the range of account numbers, perhaps cracking several, or many, or all in the system. That would be very difficult to accomplish were it necessary to crack strong passwords.

A few years ago I managed the conversion of a large public library system from Dynix to Innovative Interfaces. The Dynix pin was 4 digits and was always the last 4 digits of their phone number. Not very secure but easy for users to remember and it was stored in the visible patron record so circulation staff could look it up for anyone who forgot what phone number they used.
Interestingly, when we switched to Innovative we had complaints from library staff because the pin was hidden from them and the patron could change the pin himself through the web page. Staff could blank it out if someone forgot, but they couldn't see it and they didn't necessarily "know" what it was.
They had me put a statement on the web page that said the pin was "usually the last 4 digits of your phone number." Innovative does allow longer alpha-numeric pins (up to 30 characters I believe) but it only uses the first 8 characters.
I'd be interested to know if there are reports of problems related to someone guessing someone else's pin. In that public library we had more trouble with people who obtained extra library cards.

Thanks, Lynn and Diane.


Unicorn (SirsiDynix)allows for alpha-numeric PINs up to 10 digits. Our initial default is 4 numeric digits but we encourage all customers to change their pin to something more complex and secure.
(Virginia Beach Public Library, Virginia)

Hi Mary,

I can speak for HIP (front-end for Horizon and some Dynix Classic sites). HIP requires a 4-digit PIN - no more characters and no less. It must be all numbers (no alpha characters). Patrons can change their PINs at any time through HIP or they can ask staff for assistance.

Enhancement requests had been made to SirsiDynix (and Dynix before that) to increase security but these are irrelevant now that HIP is a dead product line. I am told that iPac (the product line that came before HIP) allowed patrons to use alpha characters but they were still limited to just 4 characters. I don't know how Rome will work.

Hope this helps,


The comments to this entry are closed.