Masking Patron PINS Starts Mon, 4/16

PrintPrintDownload PDFDownload PDF
Added by SWAN Admin (03/26/2018 - 11:54) , last updated by Lauren Levaggi (10/31/2018 - 18:12)

SWAN will begin masking patron PINs in Symphony at the start of the day Monday, April 16. This is a global setting for SWAN, and it will coincide with our 3rd year anniversary on Symphony.

Why mask?

  • The primary issue is security. SWAN holds 1 million user records, and having the PIN viewed by library staff is not a secure practice.
  • Studies have shown that password/PIN reuse is common, with 61% of passwords being reused.
  • If 61% of library users are potentially reusing PINs, we are potentially seeing their bank PIN, their voicemail PIN, or their phone PIN.

What Will Make SWAN More Secure?

  • Masking patron PINs
  • Encrypting PINs, which will be a new feature in Symphony 3.5.3 (upgrade planned later in 2018)
  • Continuing SWAN's current Symphony global setting of random 4 digit PIN (some local library practice changes this PIN during registration)
  • Utilizing HTTPS and VPNs throughout the SWAN infrastructure
  • Encouraging patrons to reset PINs using the Enterprise feature, which is now part of the new website footer on every Enterprise profile

Increasing our software security is always a balance. As the executive director of the organization, I am responsible for ensuring SWAN has complied with the most basic practices in security. This change on Monday, April 16, 2018 will be one step of several others planned, and I hope you support this effort.

 Documentation (updated 4/23/2018)