[Eril-l] [EXTERNAL] Re: Tools for managing shared passwords

Electronic Resources in Libraries discussion list eril-l at lists.eril-l.org
Thu Feb 1 13:45:11 PST 2024 

We also record this information in the vendor records of our ILS.

Theresa Arndt
Dickinson College Library
arndtt at dickinson.edu
she/her/hers

________________________________
From: Eril-l <eril-l-bounces at lists.eril-l.org> on behalf of Electronic Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org>
Sent: Thursday, February 1, 2024 3:51 PM
To: Electronic Resources in Libraries discussion list <eril-l at lists.eril-l.org>
Subject: Re: [Eril-l] [EXTERNAL] Re: Tools for managing shared passwords

Caution:This email originated from outside of the College. Do not click links or open attachments unless you recognize the sender and know the content is safe. Report anything suspicious to the HelpDesk.


I assume that you do not have a Library Services Platform with an ERM?  We have FOLIO and one of the features I like the most is the ability to store Administration (or other) login information.
This doesn't help much with 2 factor authentication and mandated ongoing password changes. However, it does allow multiple library staff to access the passwords and keeps them secure. (The staff do have to know the name of the vendor/resource and they have to cut & paste to make it work.)

Judith

--
Judith Nagata  (she/her)
Electronic Resources & Serials Librarian
Dinand Library
College of the Holy Cross
Worcester, MA 01610
p: 508-793-2639
e: jnagata at holycross.edu<mailto:jnagata at holycross.edu>


On Thu, Feb 1, 2024 at 3:36 PM Electronic Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>> wrote:
We went with KeePass a few years ago in addition to moving accounts from individual emails to generic emails. Just in case I win the lottery and suddenly move to an uncharted island, I can now rest easy knowing that someone else can easily take over the reins.

~~~~~~~~~~~~~~~
Jenifer Holman (she, her, hers)
Electronic Resources Librarian
Van Wylen Library, Hope College
53 Graves Place
Holland, MI 49423

phone: 616-395-7793
email: holman at hope.edu<mailto:holman at hope.edu>

Book an Appointment<https://calendar.app.google/nBUm9sJPa5Kvs4257>


On Thu, Feb 1, 2024 at 12:36 PM Electronic Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>> wrote:
I'm going out on a limb on this one. I think librarians can be far too hung up on securing passwords that don't really mean anything to anyone - don't lead to any privacy breaches, and no one else would ever care about your settings. I am mostly thinking about vendor "customer admin dashboard" type of credentials, which I think at least some of the discussion here about sharing passwords is about.
I am completely comfortable storing such passwords in plain text in shared file locations, have done so for over a decade, and have NEVER had a single problem with any vendor or staff person messing with our accounts.
I won't detail the specifics on an open listserv as that might invite hacking, but there is a cost to being overprotective in terms of staff productivity and that could well trickle down into inferior patron-facing resources.

Melissa Belvadi
mbelvadi at upei.ca<mailto:mbelvadi at upei.ca>
Make an appointment: https://mbelvadi.youcanbook.me/
________________________________
From: Eril-l <eril-l-bounces at lists.eril-l.org<mailto:eril-l-bounces at lists.eril-l.org>> on behalf of Electronic Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>>
Sent: Thursday, February 1, 2024 12:58 PM
To: Electronic Resources in Libraries discussion list <eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>>
Subject: Re: [Eril-l] [EXTERNAL] Re: Tools for managing shared passwords


CAUTION: This email originated from outside of UPEI. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to phishing at upei.ca<mailto:phishing at upei.ca> and delete this email.


WARNING: The sender of this email could not be verified and may not match the person in the 'FROM' field. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to phishing at upei.ca<mailto:phishing at upei.ca> and delete this email.

LastPass had a fairly significant security breach<https://blog.lastpass.com/2023/03/security-incident-update-recommended-actions/> in 2022.

We now use Keeper<https://keepersecurity.com/> on campus.      I also use 1Password<https://1password.com/> at home to manage personal and family passwords.

Switching to a new enterprise system is always a bit of a learning curve.

If you use more than one password manager, it can be fun to watch them trying to duke it out on your browser screen whenever a login prompt appears!   🙄

Vickie

On Thu, Feb 1, 2024 at 11:34 AM Electronic Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>> wrote:
Hi Mary Beth

We just started using LastPass, provided by the college. We are a small group, so there are only five people that have access to the shared password folder. This is new to us - we had been using notes fields in Sierra's ERM module, and had planned to continue that sort of process when we migrated to Alma, but security concerns as well as some confusion (mine, mostly) about how to handle multiple resources that share an admin account (like ProQuest's databases). We are a Google Workspace campus, so we also have a shared email account via Google Groups. The shared email can be the "username" for most admin accounts, so no single person is linked to the admin space.

So far, pros:

  *   Several of us can share passwords by use of a shared folder
  *   Updates to passwords only need to be made in one place, one time
  *   Admin accounts are more secure in that they are not viewable by staff in our LMS

Cons:

  *   LastPass is aggressive, when it is active. It wants to try to fill in everything!
  *   We have a dual factor authentication process that can be cumbersome. As an example, I use a separate password manager to handle my login to LastPass
  *   The college is planning to replace LastPass with something else, so there is a new learning curve coming our way

I hope this helps!

Mike

On Thu, Feb 1, 2024 at 11:03 AM Electronic Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>> wrote:

Hello,


I hope this email finds you well. I am reaching out to the listserv to enquire about your practices regarding password management for shared admin accounts. While we utilize user-specific logins when we can, we are exploring options for improving the way we manage shared passwords.


What are your method(s)? Do you use a password manager to share passwords with authorized colleagues? Does your method work well or are there any drawbacks to it?


Please feel free to respond off-list.


Thanks, and best regards,


~Mary Beth

--
Mary Beth Holm
Electronic Resources Librarian
Virginia Commonwealth University
VCU Libraries
901 Park Ave / PO Box 842033
Richmond, VA 23284-2033
Email: holmm at vcu.edu<mailto:holmm at vcu.edu>
PH: 804-827-0925
Fax: 804-828-5672
_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org<mailto:Eril-l at lists.eril-l.org>
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org


--
Michael McGuire
Electronic Resources Librarian
Colby College Libraries
5161 Mayflower Hill
Waterville, ME 04901
_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org<mailto:Eril-l at lists.eril-l.org>
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org


This information is intended solely for the use of the individual to whom it is addressed.
Any review, disclosure, copying, distribution or use of this e-mail communication by
others is strictly prohibited.  If you are  not the intended recipient, please notify us
immediately by returning  this message to the sender and delete all copies.

_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org<mailto:Eril-l at lists.eril-l.org>
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org<mailto:Eril-l at lists.eril-l.org>
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20240201/ada1a975/attachment.htm>

More information about the Eril-l mailing list