[Eril-l] [EXTERNAL] Re: Tools for managing shared passwords

Electronic Resources in Libraries discussion list eril-l at lists.eril-l.org
Thu Feb 1 12:34:29 PST 2024


We went with KeePass a few years ago in addition to moving accounts from
individual emails to generic emails. Just in case I win the lottery and
suddenly move to an uncharted island, I can now rest easy knowing that
someone else can easily take over the reins.

~~~~~~~~~~~~~~~
Jenifer Holman (she, her, hers)
Electronic Resources Librarian
Van Wylen Library, Hope College
53 Graves Place
Holland, MI 49423

phone: 616-395-7793
email: holman at hope.edu

Book an Appointment <https://calendar.app.google/nBUm9sJPa5Kvs4257>


On Thu, Feb 1, 2024 at 12:36 PM Electronic Resources in Libraries
discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:

> I'm going out on a limb on this one. I think librarians can be far too
> hung up on securing passwords that don't really mean anything to anyone -
> don't lead to any privacy breaches, and no one else would ever care about
> your settings. I am mostly thinking about vendor "customer admin dashboard"
> type of credentials, which I think at least some of the discussion here
> about sharing passwords is about.
> I am completely comfortable storing such passwords in plain text in shared
> file locations, have done so for over a decade, and have NEVER had a single
> problem with any vendor or staff person messing with our accounts.
> I won't detail the specifics on an open listserv as that might invite
> hacking, but there is a cost to being overprotective in terms of staff
> productivity and that could well trickle down into inferior patron-facing
> resources.
>
> Melissa Belvadi
> mbelvadi at upei.ca
> Make an appointment: https://mbelvadi.youcanbook.me/
> ------------------------------
> *From:* Eril-l <eril-l-bounces at lists.eril-l.org> on behalf of Electronic
> Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org
> >
> *Sent:* Thursday, February 1, 2024 12:58 PM
> *To:* Electronic Resources in Libraries discussion list <
> eril-l at lists.eril-l.org>
> *Subject:* Re: [Eril-l] [EXTERNAL] Re: Tools for managing shared passwords
>
>
> *CAUTION:* This email originated from outside of UPEI. Do not click links
> or open attachments unless you recognize the sender and know the content is
> safe. If you are uncertain, please forward to phishing at upei.ca and delete
> this email.
>
>
>
> *WARNING:* The sender of this email could not be verified and may not
> match the person in the 'FROM' field. Do not click links or open
> attachments unless you recognize the sender and know the content is safe.
> If you are uncertain, please forward to phishing at upei.ca and delete this
> email.
>
>
> LastPass had a fairly significant security breach
> <https://blog.lastpass.com/2023/03/security-incident-update-recommended-actions/>
> in 2022.
>
> We now use Keeper <https://keepersecurity.com/> on campus.      I also
> use 1Password <https://1password.com/> at home to manage personal and
> family passwords.
>
> Switching to a new enterprise system is always a bit of a learning curve.
>
>
> If you use more than one password manager, it can be fun to watch them
> trying to duke it out on your browser screen whenever a login prompt
> appears!   🙄
>
> Vickie
>
> On Thu, Feb 1, 2024 at 11:34 AM Electronic Resources in Libraries
> discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:
>
> Hi Mary Beth
>
> We just started using LastPass, provided by the college. We are a small
> group, so there are only five people that have access to the shared
> password folder. This is new to us - we had been using notes fields in
> Sierra's ERM module, and had planned to continue that sort of process when
> we migrated to Alma, but security concerns as well as some confusion (mine,
> mostly) about how to handle multiple resources that share an admin account
> (like ProQuest's databases). We are a Google Workspace campus, so we also
> have a shared email account via Google Groups. The shared email can be the
> "username" for most admin accounts, so no single person is linked to the
> admin space.
>
> So far, pros:
>
>    - Several of us can share passwords by use of a shared folder
>    - Updates to passwords only need to be made in one place, one time
>    - Admin accounts are more secure in that they are not viewable by
>    staff in our LMS
>
>
> Cons:
>
>    - LastPass is aggressive, when it is active. It wants to try to fill
>    in everything!
>    - We have a dual factor authentication process that can be cumbersome.
>    As an example, I use a separate password manager to handle my login to
>    LastPass
>    - The college is planning to replace LastPass with something else, so
>    there is a new learning curve coming our way
>
>
> I hope this helps!
>
> Mike
>
> On Thu, Feb 1, 2024 at 11:03 AM Electronic Resources in Libraries
> discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:
>
> Hello,
>
> I hope this email finds you well. I am reaching out to the listserv to
> enquire about your practices regarding password management for shared admin
> accounts. While we utilize user-specific logins when we can, we are
> exploring options for improving the way we manage shared passwords.
>
> What are your method(s)? Do you use a password manager to share passwords
> with authorized colleagues? Does your method work well or are there any
> drawbacks to it?
>
> Please feel free to respond off-list.
>
> Thanks, and best regards,
>
> ~Mary Beth
>
> --
> Mary Beth Holm
> Electronic Resources Librarian
> Virginia Commonwealth University
> VCU Libraries
> 901 Park Ave / PO Box 842033
> Richmond, VA 23284-2033
> Email: holmm at vcu.edu
> PH: 804-827-0925
> Fax: 804-828-5672
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>
>
>
> --
> Michael McGuire
> Electronic Resources Librarian
> Colby College Libraries
> 5161 Mayflower Hill
> Waterville, ME 04901
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>
>
> This information is intended solely for the use of the individual to whom it is addressed.
> Any review, disclosure, copying, distribution or use of this e-mail communication by
> others is strictly prohibited.  If you are  not the intended recipient, please notify us
> immediately by returning  this message to the sender and delete all copies.
>
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20240201/7aaa2a0d/attachment.htm>


More information about the Eril-l mailing list