Managing Accounts for Your Drupal Site

Avoid Security Risks

Your account for maintaining your library’s website includes some limitations on the type of changes you can make to the website. Even with these limits, in the wrong hands, your account could pose a risk to the site. A hacker could use it to launch a cross site scripting (XSS) attack, in which they take control of the site and do whatever they want with it -- take it offline, post inappropriate content, etc.

To avoid security risks, it is important to protect your account by following these rules:

  • Use a strong password that would be difficult for others to guess -- at least 8 characters with uppercase, numbers, and punctuation.
  • Don't share the password with others, and don't keep it written on post-it notes stuck to the monitor, under the keyboard, etc.
  • Don't leave your computer unattended while you are logged in at workstations the public could easily access. Log out of the site or lock your computer if you are stepping away.
  • If you find it difficult to remember a secure password for your site, consider using a password manager like KeePass (http://keepass.info/) or PassPack (http://www.passpack.com/).

Logging In

Your account username and password will be provided. The login page can be found with the pattern:
http://www.example.com/user (replace “www.example.com” with the appropriate address for your site)
Upon login, a black/gray toolbar will appear at the top of your site with shortcut links to maintain your site.

If you forget your account password:

  1. Visit the login page for your site.
  2. Click the "Request new password" tab.
  3. Enter your username or current account email address and click the E-mail new password button.
  4. An email will be sent with single-use replacement login information. Click the link in this message to log in and set your password.

Changing Your Account Email or Other Info

To change details related to your account (password, email address, etc.):

  1. Click the link for “Hello <your username>” in the upper right corner of the black toolbar.
  2. Click the Edit tab.
  3. To change to your email address or password:
    1. Enter your current password in the Current password field.
    2. Enter your new email address or password in the E-mail address or Password field.
      1. If changing your password, enter the new password a second time in the Confirm password field.
  4. Make any other changes you require.
  5. Click Save.
  6. OpenID Identities tab: Use this for managing OpenIDs to log into your Drupal account.
  7. File Browser tab: Use this to view, upload, delete, and perform other actions on image and document files separately from creating/editing a page on your site.
  8. Click Log out in the upper right corner of the black toolbar when you are finished.

OpenID (optional)

Your Drupal account is all you need to manage your website, but you may also choose to use OpenID, a secure way to log in to many websites using a single username and password. OpenID can reduce the necessity of managing many usernames and passwords for many websites.
To use OpenID you must first establish an identity on a public or private OpenID server. If you do not have an OpenID and would like one, look into one of the free public providers (http://openid.net/get/). You can find out more about OpenID at http://openid.net/.
If you already have an OpenID, select “Log in using OpenID” and enter the URL to your OpenID server (e.g. myusername.openidprovider.com). Next time you log in, you will be able to use this URL instead of your Drupal account username and password.