Millennium password rules

Author: James Lake
Posted in: Systems

Millennium passwords expire every 360 days.  Millennium is supposed to warn you 25 days prior to expiration that your password needs to be changed.  Passwords (other than front desk circ logins) must NOT be shared. See policy details below.

Password construction rules:

  • New password must not match old password
  • 8 characters (no more, no less)
  • at least 2 upper case letters
  • at least 1 number

Front desk circ logins in the form “circxxxx” where xxxx = unit are changed at least twice a year. Circ Services Group manages the process of handing out new passwords for these logins. These should be changed any time there are security concerns – request this via an OskiCat helpdesk ticket.

Circulation supervisors should be aware that the password that they will be prompted to change every 360 days is their loginpassword.  If you ever go out to the front desk (which is logged in with your circxxxx login) to override some circ rule and need to set your initials, this is actually a different password which the system does not keep in sync with your login password.

What does this mean for circ supervisors?

When you change your password yourself, that only changes your login password. Keep using your old password when asked to set initials until you are able to change your password for your initials to match that of your new login password you chose.  This usually happens at Circ Services in June or can be requested via an OskiCat Helpdesk ticket.

Policy

Millennium Login Account Agreement

To protect the integrity of the Millennium ILS, each person who uses a Millennium Login Account must agree to these conditions in order to be authorized to use the system:

  1. Passwords must never be shared. Each person who uses Millennium must use their own individual password, with the exception of the “view only” shared account and the front desk circulation accounts used at circulation desks. This includes student employees. You must not share your password with your supervisor, with those you supervise, or anyone. In addition to the sharing of actual passwords being not allowed, it is also not allowed to “log someone in” as you and allow them to do work on the system using your login.
  2. Training is a prerequisite for authorization and a login to use the system. Each person who uses Millennium must first attend training. The only exception is for the shared view only account.
  3. Passwords must not be sent over email or included in OskiCat helpdesk tickets. It is ok to put your login in the ticket, but not the password.
  4. Staff are expected to monitor the listserv for their module: circulation (circstaff), cataloging (catstaff); acquisitions and serials (acqser). This is our primary communication tool about the system. If you supervise students who use Millennium, you are responsible for communicating relevant updates to them. Students are not being added to the listserv as accounts are created for them. Students must reply to this message however if they have authorizations to use the system.

This policy has been established to protect the integrity of our data and our collections.

Why is security so important?

  • We have an INTEGRATED Library System – Cataloging, Circulation, Acquisitions, Serials, all share one unified catalog. This means that the potential for damage if someone inadvertently makes a mistake is high.
  • This catalog is available from anywhere in the world, if you have the client and a password. The potential for deliberate harm to our data has been increased now that we are on a point and click system without IP address based access limits.
  • Each person’s authorization provides permissions unique to their training and workflow.
  • If you are using someone else’s login you may inadvertently do damage you aren’t even aware of.
  • The Library can suffer loss of extremely high use, high value Library material due to abuses of out of date or shared logins. We are attempting to reduce the potential for this type of theft so that our materials remain available to our patrons and our investments are protected.
  • As a Library, our database is the key to our collections and is the investment of generations of hard working Library employees. Maintaining the integrity of this data is a serious duty, and strict enforcement of training and password policies is the first step to protecting this legacy. Adequate training and documentation are also key to success in this area.

Enforcement

Violation of this “no password sharing” policy will result in:

  1. Your login being disabled
  2. Notification of the violation to your supervisor
  3. Meeting with the system manager to verify future breaches can be avoided and when login will be reestablished

Legacy Data

Last updated date: 09/01/15
Author: C. Takaro
Update Group: Systems

Created: April 27, 2016
Last revised: December 1, 2016
Review date: None set

Leave a comment

Your email address will not be published. Required fields are marked *