Security Tip #1: Change the Default Password for the kohaadmin User

The default password for the kohaadmin user is katikoan. When running Makefile.PL, you will see this prompt:

“Please specify the password of the user that owns the
database to be used by Koha [katikoan]”

Rather than hitting the enter key and moving along, take a moment to change this password to something different and strong. Remember, every person who has ever installed Koha knows the default username and password. Furthermore, according to one researcher, a brute-force tool needs only about 58 hours to crack an 8-character, lower-case alphabetic password, even one that is not a dictionary word. If you cannot think of a strong, unique password, you can generate a few that no one will guess here.

Remember to create your database user with the same username/password combination you selected during the Makefile.PL run. If you need to change the username and/or password at a later time, be sure to change it in both koha-conf.xml and the database, since Koha reads the credentials from the file and MySQL checks them against its own user table. For more information on how to change the username/password in MySQL, see any of the INSTALL files that come with the source of Koha. You may also view one here.
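The "change it in both places" step above, as an added shell example that is not part of the original post or of Koha's own tooling: it reads the current <pass> value from koha-conf.xml so you can flag an install that still carries the shipped default, generates a replacement, rewrites the config file and emits the matching MySQL statement for the database side. It assumes the credentials sit in <user>/<pass> elements as in Koha's generated koha-conf.xml and that the first <pass> element is the database one, a MySQL 5.7.6+ or 8.0 server (ALTER USER syntax), and an account named kohaadmin at localhost; the /etc/koha/koha-conf.xml path in the usage comment is also an assumption.

```shell
#!/bin/sh
# Added example, not from the Koha project or the original post.
# Assumptions: database credentials sit in <user>...</user> and <pass>...</pass>
# elements of koha-conf.xml (first <pass> element is the database one), the
# MySQL server accepts ALTER USER (5.7.6+ / 8.0), and the account is
# 'kohaadmin'@'localhost' unless overridden.

KOHA_DEFAULT_PASS="katikoan"   # the shipped default this tip warns about

# Print the database password currently stored in a koha-conf.xml file.
koha_conf_pass() {
    sed -n 's/.*<pass>\([^<]*\)<\/pass>.*/\1/p' "$1" | head -n 1
}

# Succeed (exit 0) when the config still carries the default password.
# Useful as an audit check across servers: run it and act on a zero exit.
koha_uses_default_pass() {
    [ "$(koha_conf_pass "$1")" = "$KOHA_DEFAULT_PASS" ]
}

# Generate a random password of N characters (default 24) from a character set
# that needs no XML escaping, so it can be written into koha-conf.xml as-is.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9!@#%^*_+=-' < /dev/urandom | head -c "${1:-24}"
}

# Emit the SQL that sets the database user's password. Single quotes in the
# password are doubled so the string literal stays valid; pipe the output
# into the mysql client rather than typing the password on a command line.
sql_change_password() {
    user="$1"; host="$2"; pass="$3"
    esc=$(printf '%s' "$pass" | sed "s/'/''/g")
    printf "ALTER USER '%s'@'%s' IDENTIFIED BY '%s';\nFLUSH PRIVILEGES;\n" \
        "$user" "$host" "$esc"
}

# Replace the <pass> value in koha-conf.xml, keeping a .bak copy of the old file.
# Characters special in a sed replacement (&, |, \) are escaped first.
update_koha_conf_pass() {
    file="$1"; pass="$2"
    esc=$(printf '%s' "$pass" | sed 's/[&|\\]/\\&/g')
    cp "$file" "$file.bak"
    sed "s|<pass>[^<]*</pass>|<pass>$esc</pass>|" "$file.bak" > "$file"
}

# Rotate: write a new random password into the config and print the matching
# SQL on stdout so both sides end up with the same value.
rotate_koha_db_password() {
    file="$1"; user="${2:-kohaadmin}"; host="${3:-localhost}"
    new=$(gen_password 24)
    update_koha_conf_pass "$file" "$new"
    sql_change_password "$user" "$host" "$new"
}

# Usage (the path is an assumption; adjust to your install):
#   rotate_koha_db_password /etc/koha/koha-conf.xml | mysql -u root -p
```

If the database account does not exist yet (you are still at the Makefile.PL stage), use the same generated password with CREATE USER instead of ALTER USER; after rotating on a live install, restart the web server so Koha re-reads koha-conf.xml, and remove the .bak file once you have confirmed the staff client can still log in, since it holds the old credential in clear text.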

Good security is always a wise investment, and implementation of this recommendation will cost you only a few minutes.