[Eril-l] [EXTERNAL] Re: Tools for managing shared passwords
Electronic Resources in Libraries discussion list
eril-l at lists.eril-l.org
Fri Feb 2 08:09:55 PST 2024
Hi everyone,
Thank you for your thoughtful responses!
You’ve given us a lot to think about. While security is always important, I
think that the ease of managing passwords is another factor. With a
password manager, at least from my use of Dashlane and Bitwarden, it is
easier to identify when a note or password was updated, and by whom.
Exporting the password vault to a .csv or .json file is beneficial if we
need to switch to another solution, a different password manager, etc.
Someone mentioned periodically exporting the vault, which sounds like a
good practice.
As with many things in our line of work, solutions aren’t always perfect
but ideally have more positives than negatives. Thanks for the suggestion
to avoid using multiple different password managers at once…that sounds
confusing!
We do use a system with an ERM, so storing the information in the vendor
records is something to keep in mind. I do like the idea of having it
separate, especially with the robust features of a password manager.
Many thanks,
~Mary Beth
On Thu, Feb 1, 2024 at 4:45 PM Electronic Resources in Libraries discussion
list via Eril-l <eril-l at lists.eril-l.org> wrote:
> We also record this information in the vendor records of our ILS.
>
> Theresa Arndt
> Dickinson College Library
> arndtt at dickinson.edu
> she/her/hers
>
> ------------------------------
> *From:* Eril-l <eril-l-bounces at lists.eril-l.org> on behalf of Electronic
> Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org
> >
> *Sent:* Thursday, February 1, 2024 3:51 PM
> *To:* Electronic Resources in Libraries discussion list <
> eril-l at lists.eril-l.org>
> *Subject:* Re: [Eril-l] [EXTERNAL] Re: Tools for managing shared passwords
>
> *Caution:*This email originated from outside of the College. *Do not*
> click links or open attachments unless you recognize the sender and know
> the content is safe. Report anything suspicious to the HelpDesk.
>
>
> I assume that you do not have a Library Services Platform with an ERM? We
> have FOLIO and one of the features I like the most is the ability to store
> Administration (or other) login information.
> This doesn't help much with 2 factor authentication and mandated ongoing
> password changes. However, it does allow multiple library staff to access
> the passwords and keeps them secure. (The staff do have to know the name of
> the vendor/resource and they have to cut & paste to make it work.)
>
> Judith
>
> --
> Judith Nagata (she/her)
> Electronic Resources & Serials Librarian
> Dinand Library
> College of the Holy Cross
> Worcester, MA 01610
> p: 508-793-2639
> e: jnagata at holycross.edu
>
>
> On Thu, Feb 1, 2024 at 3:36 PM Electronic Resources in Libraries
> discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:
>
> We went with KeePass a few years ago in addition to moving accounts from
> individual emails to generic emails. Just in case I win the lottery and
> suddenly move to an uncharted island, I can now rest easy knowing that
> someone else can easily take over the reins.
>
> ~~~~~~~~~~~~~~~
> Jenifer Holman (she, her, hers)
> Electronic Resources Librarian
> Van Wylen Library, Hope College
> 53 Graves Place
> Holland, MI 49423
>
> phone: 616-395-7793
> email: holman at hope.edu
>
> Book an Appointment <https://calendar.app.google/nBUm9sJPa5Kvs4257>
>
>
> On Thu, Feb 1, 2024 at 12:36 PM Electronic Resources in Libraries
> discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:
>
> I'm going out on a limb on this one. I think librarians can be far too
> hung up on securing passwords that don't really mean anything to anyone -
> don't lead to any privacy breaches, and no one else would ever care about
> your settings. I am mostly thinking about vendor "customer admin dashboard"
> type of credentials, which I think at least some of the discussion here
> about sharing passwords is about.
> I am completely comfortable storing such passwords in plain text in shared
> file locations, have done so for over a decade, and have NEVER had a single
> problem with any vendor or staff person messing with our accounts.
> I won't detail the specifics on an open listserv as that might invite
> hacking, but there is a cost to being overprotective in terms of staff
> productivity and that could well trickle down into inferior patron-facing
> resources.
>
> Melissa Belvadi
> mbelvadi at upei.ca
> Make an appointment: https://mbelvadi.youcanbook.me/
> ------------------------------
> *From:* Eril-l <eril-l-bounces at lists.eril-l.org> on behalf of Electronic
> Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org
> >
> *Sent:* Thursday, February 1, 2024 12:58 PM
> *To:* Electronic Resources in Libraries discussion list <
> eril-l at lists.eril-l.org>
> *Subject:* Re: [Eril-l] [EXTERNAL] Re: Tools for managing shared passwords
>
>
> *CAUTION:* This email originated from outside of UPEI. Do not click links
> or open attachments unless you recognize the sender and know the content is
> safe. If you are uncertain, please forward to phishing at upei.ca and delete
> this email.
>
>
>
> *WARNING:* The sender of this email could not be verified and may not
> match the person in the 'FROM' field. Do not click links or open
> attachments unless you recognize the sender and know the content is safe.
> If you are uncertain, please forward to phishing at upei.ca and delete this
> email.
>
>
> LastPass had a fairly significant security breach
> <https://blog.lastpass.com/2023/03/security-incident-update-recommended-actions/>
> in 2022.
>
> We now use Keeper <https://keepersecurity.com/> on campus. I also
> use 1Password <https://1password.com/> at home to manage personal and
> family passwords.
>
> Switching to a new enterprise system is always a bit of a learning curve.
>
>
> If you use more than one password manager, it can be fun to watch them
> trying to duke it out on your browser screen whenever a login prompt
> appears! 🙄
>
> Vickie
>
> On Thu, Feb 1, 2024 at 11:34 AM Electronic Resources in Libraries
> discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:
>
> Hi Mary Beth
>
> We just started using LastPass, provided by the college. We are a small
> group, so there are only five people that have access to the shared
> password folder. This is new to us - we had been using notes fields in
> Sierra's ERM module, and had planned to continue that sort of process when
> we migrated to Alma, but security concerns as well as some confusion (mine,
> mostly) about how to handle multiple resources that share an admin account
> (like ProQuest's databases). We are a Google Workspace campus, so we also
> have a shared email account via Google Groups. The shared email can be the
> "username" for most admin accounts, so no single person is linked to the
> admin space.
>
> So far, pros:
>
> - Several of us can share passwords by use of a shared folder
> - Updates to passwords only need to be made in one place, one time
> - Admin accounts are more secure in that they are not viewable by
> staff in our LMS
>
>
> Cons:
>
> - LastPass is aggressive, when it is active. It wants to try to fill
> in everything!
> - We have a dual factor authentication process that can be cumbersome.
> As an example, I use a separate password manager to handle my login to
> LastPass
> - The college is planning to replace LastPass with something else, so
> there is a new learning curve coming our way
>
>
> I hope this helps!
>
> Mike
>
> On Thu, Feb 1, 2024 at 11:03 AM Electronic Resources in Libraries
> discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:
>
> Hello,
>
> I hope this email finds you well. I am reaching out to the listserv to
> enquire about your practices regarding password management for shared admin
> accounts. While we utilize user-specific logins when we can, we are
> exploring options for improving the way we manage shared passwords.
>
> What are your method(s)? Do you use a password manager to share passwords
> with authorized colleagues? Does your method work well or are there any
> drawbacks to it?
>
> Please feel free to respond off-list.
>
> Thanks, and best regards,
>
> ~Mary Beth
>
> --
> Mary Beth Holm
> Electronic Resources Librarian
> Virginia Commonwealth University
> VCU Libraries
> 901 Park Ave / PO Box 842033
> Richmond, VA 23284-2033
> Email: holmm at vcu.edu
> PH: 804-827-0925
> Fax: 804-828-5672
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>
>
>
> --
> Michael McGuire
> Electronic Resources Librarian
> Colby College Libraries
> 5161 Mayflower Hill
> Waterville, ME 04901
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>
>
> This information is intended solely for the use of the individual to whom it is addressed.
> Any review, disclosure, copying, distribution or use of this e-mail communication by
> others is strictly prohibited. If you are not the intended recipient, please notify us
> immediately by returning this message to the sender and delete all copies.
>
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>
>
>
>
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>
--
Mary Beth Holm
Electronic Resources Librarian
Virginia Commonwealth University
VCU Libraries
901 Park Ave / PO Box 842033
Richmond, VA 23284-2033
Email: holmm at vcu.edu
PH: 804-827-0925
Fax: 804-828-5672
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20240202/8c0eee6a/attachment.htm>
More information about the Eril-l
mailing list