![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
edenfallingMy local public library, as many libraries do (and bless them for it), provides limited free internet service. In the case of the Tompkins County Public Library, you have to have a library card to get online, because they use a program to boot users off the computer after 65 minutes and make sure each person can only get 65 minutes each day. This is because there are almost always more people who want to get online than there are available computers, particularly between 10am and 5pm.
I guess people were gaming the system by entering random card numbers to get more time, because sometime in the last month, the library has added a new security layer. Now you need your card number AND your account password to log on to a computer with internet access.
Which would be fine, except for one tiny problem.
The default password that the system assigns to people when they get library cards (and therefore library accounts) is the last four digits of your phone number. It is possible to change this password to something that is A) longer, B) less freaking obvious to anyone who reads the basic public blurbs that are all over the sign-in pages, and C) easier to remember.
The thing is, the new log-on program that lets people use the library's free internet stations only accepts passwords that are four characters long. If you try to enter a fifth character, it will not register. No little asterisk appears on the screen.
Whoever wrote the authenticator program either did not know or completely ignored the inconvenient fact that library members can (and do!) change their passwords to something other than the four-digit phone code. I can tell this not just because of the character limits, but because the authenticator window referred to the password as a PIN.
I did not have anything attached to my library account that could be mistaken for a PIN anymore; I had changed it to a proper password years ago. And therefore I could not get online, as my habitual password is significantly longer than four characters.
I complained to a librarian at the reference desk (they referee the internet computer stations), who sent me to the circulation desk. At the circulation desk, I got a second librarian to pull up my account and reset my password to the tail end of my phone number, but it took a bit of back-and-forth before I could get her to realize what my problem even was. In retrospect, I could probably have changed my password myself on one of the card catalogue computer stations -- you have to be able to log in on those, in order to place hold requests and renew books -- but this way the issue has been reported to two librarians. Hopefully one or the other of them will report it to whoever does the programming, and it will get fixed before it trips up too many other people.
I guess people were gaming the system by entering random card numbers to get more time, because sometime in the last month, the library has added a new security layer. Now you need your card number AND your account password to log on to a computer with internet access.
Which would be fine, except for one tiny problem.
The default password that the system assigns to people when they get library cards (and therefore library accounts) is the last four digits of your phone number. It is possible to change this password to something that is A) longer, B) less freaking obvious to anyone who reads the basic public blurbs that are all over the sign-in pages, and C) easier to remember.
The thing is, the new log-on program that lets people use the library's free internet stations only accepts passwords that are four characters long. If you try to enter a fifth character, it will not register. No little asterisk appears on the screen.
Whoever wrote the authenticator program either did not know or completely ignored the inconvenient fact that library members can (and do!) change their passwords to something other than the four-digit phone code. I can tell this not just because of the character limits, but because the authenticator window referred to the password as a PIN.
I did not have anything attached to my library account that could be mistaken for a PIN anymore; I had changed it to a proper password years ago. And therefore I could not get online, as my habitual password is significantly longer than four characters.
I complained to a librarian at the reference desk (they referee the internet computer stations), who sent me to the circulation desk. At the circulation desk, I got a second librarian to pull up my account and reset my password to the tail end of my phone number, but it took a bit of back-and-forth before I could get her to realize what my problem even was. In retrospect, I could probably have changed my password myself on one of the card catalogue computer stations -- you have to be able to log in on those, in order to place hold requests and renew books -- but this way the issue has been reported to two librarians. Hopefully one or the other of them will report it to whoever does the programming, and it will get fixed before it trips up too many other people.
