The password requirement on the user account login is really excessive
I really don't think its necessary to require passwords to have both a lower case, upper case, punctuation and a number. This is really excessive. These requirements exceed the requirements for every secure site I have ever used: four brokerages, five insurance companies, sieight forture 500 companies I do consulting for, three retirement accounts and a dozen credit cards, etc etc. I have a sixteen character password which is plenty secure by any reasonable measure but it doesn't cut the muster for the Canton Public Library?
This password excess can actually promote insecurity because ittends to cause people to write it down becuase it doesn't match any other password they use. For me its a really pain because I have to get my password reset every single time I want to log in. Hopefully your IT director will consider changing this to a little more rational scheme.