[Eril-l] [EXTERNAL] Re: Tools for managing shared passwords
Electronic Resources in Libraries discussion list
eril-l at lists.eril-l.org
Thu Feb 1 12:51:07 PST 2024
I assume that you do not have a Library Services Platform with an ERM? We
have FOLIO and one of the features I like the most is the ability to store
Administration (or other) login information.
This doesn't help much with 2 factor authentication and mandated ongoing
password changes. However, it does allow multiple library staff to access
the passwords and keeps them secure. (The staff do have to know the name of
the vendor/resource and they have to cut & paste to make it work.)
Judith
--
Judith Nagata (she/her)
Electronic Resources & Serials Librarian
Dinand Library
College of the Holy Cross
Worcester, MA 01610
p: 508-793-2639
e: jnagata at holycross.edu
On Thu, Feb 1, 2024 at 3:36 PM Electronic Resources in Libraries discussion
list via Eril-l <eril-l at lists.eril-l.org> wrote:
> We went with KeePass a few years ago in addition to moving accounts from
> individual emails to generic emails. Just in case I win the lottery and
> suddenly move to an uncharted island, I can now rest easy knowing that
> someone else can easily take over the reins.
>
> ~~~~~~~~~~~~~~~
> Jenifer Holman (she, her, hers)
> Electronic Resources Librarian
> Van Wylen Library, Hope College
> 53 Graves Place
> Holland, MI 49423
>
> phone: 616-395-7793
> email: holman at hope.edu
>
> Book an Appointment <https://calendar.app.google/nBUm9sJPa5Kvs4257>
>
>
> On Thu, Feb 1, 2024 at 12:36 PM Electronic Resources in Libraries
> discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:
>
>> I'm going out on a limb on this one. I think librarians can be far too
>> hung up on securing passwords that don't really mean anything to anyone -
>> don't lead to any privacy breaches, and no one else would ever care about
>> your settings. I am mostly thinking about vendor "customer admin dashboard"
>> type of credentials, which I think at least some of the discussion here
>> about sharing passwords is about.
>> I am completely comfortable storing such passwords in plain text in
>> shared file locations, have done so for over a decade, and have NEVER had a
>> single problem with any vendor or staff person messing with our accounts.
>> I won't detail the specifics on an open listserv as that might invite
>> hacking, but there is a cost to being overprotective in terms of staff
>> productivity and that could well trickle down into inferior patron-facing
>> resources.
>>
>> Melissa Belvadi
>> mbelvadi at upei.ca
>> Make an appointment: https://mbelvadi.youcanbook.me/
>> ------------------------------
>> *From:* Eril-l <eril-l-bounces at lists.eril-l.org> on behalf of Electronic
>> Resources in Libraries discussion list via Eril-l <
>> eril-l at lists.eril-l.org>
>> *Sent:* Thursday, February 1, 2024 12:58 PM
>> *To:* Electronic Resources in Libraries discussion list <
>> eril-l at lists.eril-l.org>
>> *Subject:* Re: [Eril-l] [EXTERNAL] Re: Tools for managing shared
>> passwords
>>
>>
>> *CAUTION:* This email originated from outside of UPEI. Do not click
>> links or open attachments unless you recognize the sender and know the
>> content is safe. If you are uncertain, please forward to phishing at upei.ca
>> and delete this email.
>>
>>
>>
>> *WARNING:* The sender of this email could not be verified and may not
>> match the person in the 'FROM' field. Do not click links or open
>> attachments unless you recognize the sender and know the content is safe.
>> If you are uncertain, please forward to phishing at upei.ca and delete this
>> email.
>>
>>
>> LastPass had a fairly significant security breach
>> <https://blog.lastpass.com/2023/03/security-incident-update-recommended-actions/>
>> in 2022.
>>
>> We now use Keeper <https://keepersecurity.com/> on campus. I also
>> use 1Password <https://1password.com/> at home to manage personal and
>> family passwords.
>>
>> Switching to a new enterprise system is always a bit of a learning
>> curve.
>>
>> If you use more than one password manager, it can be fun to watch them
>> trying to duke it out on your browser screen whenever a login prompt
>> appears! 🙄
>>
>> Vickie
>>
>> On Thu, Feb 1, 2024 at 11:34 AM Electronic Resources in Libraries
>> discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:
>>
>> Hi Mary Beth
>>
>> We just started using LastPass, provided by the college. We are a small
>> group, so there are only five people that have access to the shared
>> password folder. This is new to us - we had been using notes fields in
>> Sierra's ERM module, and had planned to continue that sort of process when
>> we migrated to Alma, but security concerns as well as some confusion (mine,
>> mostly) about how to handle multiple resources that share an admin account
>> (like ProQuest's databases). We are a Google Workspace campus, so we also
>> have a shared email account via Google Groups. The shared email can be the
>> "username" for most admin accounts, so no single person is linked to the
>> admin space.
>>
>> So far, pros:
>>
>> - Several of us can share passwords by use of a shared folder
>> - Updates to passwords only need to be made in one place, one time
>> - Admin accounts are more secure in that they are not viewable by
>> staff in our LMS
>>
>>
>> Cons:
>>
>> - LastPass is aggressive, when it is active. It wants to try to fill
>> in everything!
>> - We have a dual factor authentication process that can be
>> cumbersome. As an example, I use a separate password manager to handle my
>> login to LastPass
>> - The college is planning to replace LastPass with something else, so
>> there is a new learning curve coming our way
>>
>>
>> I hope this helps!
>>
>> Mike
>>
>> On Thu, Feb 1, 2024 at 11:03 AM Electronic Resources in Libraries
>> discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:
>>
>> Hello,
>>
>> I hope this email finds you well. I am reaching out to the listserv to
>> enquire about your practices regarding password management for shared admin
>> accounts. While we utilize user-specific logins when we can, we are
>> exploring options for improving the way we manage shared passwords.
>>
>> What are your method(s)? Do you use a password manager to share passwords
>> with authorized colleagues? Does your method work well or are there any
>> drawbacks to it?
>>
>> Please feel free to respond off-list.
>>
>> Thanks, and best regards,
>>
>> ~Mary Beth
>>
>> --
>> Mary Beth Holm
>> Electronic Resources Librarian
>> Virginia Commonwealth University
>> VCU Libraries
>> 901 Park Ave / PO Box 842033
>> Richmond, VA 23284-2033
>> Email: holmm at vcu.edu
>> PH: 804-827-0925
>> Fax: 804-828-5672
>> _______________________________________________
>> Eril-l mailing list
>> Eril-l at lists.eril-l.org
>> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>>
>>
>>
>> --
>> Michael McGuire
>> Electronic Resources Librarian
>> Colby College Libraries
>> 5161 Mayflower Hill
>> Waterville, ME 04901
>> _______________________________________________
>> Eril-l mailing list
>> Eril-l at lists.eril-l.org
>> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>>
>>
>> This information is intended solely for the use of the individual to whom it is addressed.
>> Any review, disclosure, copying, distribution or use of this e-mail communication by
>> others is strictly prohibited. If you are not the intended recipient, please notify us
>> immediately by returning this message to the sender and delete all copies.
>>
>> _______________________________________________
>> Eril-l mailing list
>> Eril-l at lists.eril-l.org
>> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>>
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20240201/f78abef9/attachment.htm>
More information about the Eril-l
mailing list