[Eril-l] [EXTERNAL] Re: Tools for managing shared passwords

Electronic Resources in Libraries discussion list eril-l at lists.eril-l.org
Thu Feb 1 09:24:33 PST 2024 

I'm going out on a limb on this one. I think librarians can be far too hung up on securing passwords that don't really mean anything to anyone - don't lead to any privacy breaches, and no one else would ever care about your settings. I am mostly thinking about vendor "customer admin dashboard" type of credentials, which I think at least some of the discussion here about sharing passwords is about.
I am completely comfortable storing such passwords in plain text in shared file locations, have done so for over a decade, and have NEVER had a single problem with any vendor or staff person messing with our accounts.
I won't detail the specifics on an open listserv as that might invite hacking, but there is a cost to being overprotective in terms of staff productivity and that could well trickle down into inferior patron-facing resources.

Melissa Belvadi
mbelvadi at upei.ca
Make an appointment: https://mbelvadi.youcanbook.me/
________________________________
From: Eril-l <eril-l-bounces at lists.eril-l.org> on behalf of Electronic Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org>
Sent: Thursday, February 1, 2024 12:58 PM
To: Electronic Resources in Libraries discussion list <eril-l at lists.eril-l.org>
Subject: Re: [Eril-l] [EXTERNAL] Re: Tools for managing shared passwords


CAUTION: This email originated from outside of UPEI. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to phishing at upei.ca and delete this email.


WARNING: The sender of this email could not be verified and may not match the person in the 'FROM' field. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to phishing at upei.ca and delete this email.

LastPass had a fairly significant security breach<https://blog.lastpass.com/2023/03/security-incident-update-recommended-actions/> in 2022.

We now use Keeper<https://keepersecurity.com/> on campus.      I also use 1Password<https://1password.com/> at home to manage personal and family passwords.

Switching to a new enterprise system is always a bit of a learning curve.

If you use more than one password manager, it can be fun to watch them trying to duke it out on your browser screen whenever a login prompt appears!   🙄

Vickie

On Thu, Feb 1, 2024 at 11:34 AM Electronic Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>> wrote:
Hi Mary Beth

We just started using LastPass, provided by the college. We are a small group, so there are only five people that have access to the shared password folder. This is new to us - we had been using notes fields in Sierra's ERM module, and had planned to continue that sort of process when we migrated to Alma, but security concerns as well as some confusion (mine, mostly) about how to handle multiple resources that share an admin account (like ProQuest's databases). We are a Google Workspace campus, so we also have a shared email account via Google Groups. The shared email can be the "username" for most admin accounts, so no single person is linked to the admin space.

So far, pros:

  *   Several of us can share passwords by use of a shared folder
  *   Updates to passwords only need to be made in one place, one time
  *   Admin accounts are more secure in that they are not viewable by staff in our LMS

Cons:

  *   LastPass is aggressive, when it is active. It wants to try to fill in everything!
  *   We have a dual factor authentication process that can be cumbersome. As an example, I use a separate password manager to handle my login to LastPass
  *   The college is planning to replace LastPass with something else, so there is a new learning curve coming our way

I hope this helps!

Mike

On Thu, Feb 1, 2024 at 11:03 AM Electronic Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>> wrote:

Hello,


I hope this email finds you well. I am reaching out to the listserv to enquire about your practices regarding password management for shared admin accounts. While we utilize user-specific logins when we can, we are exploring options for improving the way we manage shared passwords.


What are your method(s)? Do you use a password manager to share passwords with authorized colleagues? Does your method work well or are there any drawbacks to it?


Please feel free to respond off-list.


Thanks, and best regards,


~Mary Beth

--
Mary Beth Holm
Electronic Resources Librarian
Virginia Commonwealth University
VCU Libraries
901 Park Ave / PO Box 842033
Richmond, VA 23284-2033
Email: holmm at vcu.edu<mailto:holmm at vcu.edu>
PH: 804-827-0925
Fax: 804-828-5672
_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org<mailto:Eril-l at lists.eril-l.org>
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org


--
Michael McGuire
Electronic Resources Librarian
Colby College Libraries
5161 Mayflower Hill
Waterville, ME 04901
_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org<mailto:Eril-l at lists.eril-l.org>
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org


This information is intended solely for the use of the individual to whom it is addressed.
Any review, disclosure, copying, distribution or use of this e-mail communication by
others is strictly prohibited.  If you are  not the intended recipient, please notify us
immediately by returning  this message to the sender and delete all copies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20240201/898ad3bb/attachment.htm>

More information about the Eril-l mailing list