To enhance the security of your dashboard, we have now adjusted the requirement for the password:
at least 8 characters
uppercase and lowercase letters
a number and special character
If in the event that you have lost your password, you can click "Forget Password". Once you have done so, you will receive a link in your email for you to reset it. The reset link will be valid for 20 minutes.
If you would like to enable 2-Factor Authentication, please read this article and follow the instructions and enable this setting for your dashboard.
Brute Force Protection
We protect your admin account against brute force attacks. After a number of unsuccessful login attempts within a set time period, your account will be locked. If that should happen to you, please contact firstname.lastname@example.org for help.
Session Time Out
After 30 minutes of inactivity, we will automatically terminate your admin session and you will be prompted to log in again.
Requesting a new Admin User
In case your institution requires additional admin users to be setup, please contact email@example.com.
Requests will only be accepted from the primary account contact, as communicated during initial setup.
Passwords will be emailed only to the new account holder and must be reset upon first login.
How Do You Secure My Password
We do not store your password, but store something known as a password hash, which utilises a salt to increase entropy. Additionally, the hashing algorithm has a "cost" applied, which defines the number of iterations the hashing algorithm completes before returning the hash, which we then store.
All traffic between the admin environment and your browser is encrypted through the https protocol.
While we do everything in our power to protect access to your admin area, please remember that it is vital to not re-use passwords between sites and to pick a password that is sufficiently random and doesn't follow an easy-to-guess pattern.
If you are an end user of our extension, we would like to assure you that we do not store passwords for you at all and will never ask you to enter your password on a Lean Library site.