Patron Registration - Not Obvious Last 4 of Phone Used for Password

+1

Any four-digit number would be a ridiculously insecure password, and the last four digits of a phone number is even worse. If a patron specifically tells me, "set my password to 1234", that's one thing; but automatically doing this sort of thing without an explicit say-so from the patron is borderline criminal in states with privacy laws. The patron thinks they've signed up to check items out from the library, and in fact they've signed up to donate a list of all the books they've checked out to anyone who can look up or guess the last four digits of their phone number.

In my experience, libraries choose the last four of phone option at migration because it is easy for the patron to remember when they first login to their account. I agree that the last four of the phone is not a secure choice, but the patron always has the option to use the phone number for their first OPAC login, and change it after that. In fact, that should always be a standard follow through, even if a random password is generated at login. That password is not secure either because the library staff member who registered the patron knows what it is.

As for the original post, I agree that some staff may be unaware that the password will change when a phone number is entered, and give the patron the incorrect password. It would be helpful if there was some way to manage that in the registration screen.