

Re: Dealing with password authenticated online content Susan Wishnetsky 29 May 2007 20:49 UTC

At 02:48 PM 5/29/2007, Susan Davis wrote:

>.... We have a little script (I'm not the technical person here so
>I'm just describing the process in generic terms) that is invoked
>when a user clicks on the 856 link which leads to an authentication
>page.  After the user inputs the necessary information to verify
>themselves as legitimate university users, they are taken to a
>webpage that lists the username and password for the product, as
>well as the URL to the product itself.

That's not quite what I was describing.  It sounds like what you're
describing allows the users to see the passwords.  If they can see
them, they can share them with unauthorized people.  And they have to
bother with typing them in, to get access.

I was envisioning (or remembering) a system in which the user never
sees the password, and never has to type it in.  The macro does that
for them.  Invisibly.  Has that ever been done?  SW

>The downside of this process is that many users fail to read the
>entire webpage explaining the need to take note of the username and
>password and instead try to use their university authentication
>again to gain access.
>
>With an ever-increasing demand for one click access, this is not a
>particularly elegant solution.  But it does keep the passwords
>"safe" in that not just anybody can readily obtain them, nor does a
>patron have to come to a service point to ask for them.
>
>Susan
>
>Susan Davis
>Head, Electronic Periodicals Management Department
>University at Buffalo (SUNY)
>134 Lockwood Library
>Buffalo, NY  14260-2210
>(716) 645-2784
>(716) 645-5955 fax
>unlsdb@buffalo.edu
>
>--On Tuesday, May 29, 2007 2:13 PM -0500 Susan Wishnetsky
><pasiphae@NORTHWESTERN.EDU> wrote:
>
>>At 12:23 PM 5/29/2007, Chad Hutchens wrote:
>>>We have the same de-facto policy.  If the publisher or provider does not
>>>offer IP authentication, we don't activate the title electronically ....
>>
>>We do the same, but I thought that some libraries had come up with
>>a way to automate the entering of passwords.  Once the user clicks
>>on a password-only resource, the user (or the location of the user's
>>workstation) is authenticated by the library's system, which proceeds
>>to activate a kind of macro to enter the password for them, a process
>>that is invisible to the user.
>>
>>There'd probably have to be separate macros, with unique instructions,
>>for each password-only product ... but if you really wanted to provide the
>>product, it'd be worth it.  Did I dream this?  Is it being done anywhere?
>>Can it be done?  SW
>>
>>
>>Susan Wishnetsky
>>Electronic Resources Librarian
>>Galter Health Sciences Library
>>Feinberg School of Medicine, Northwestern University
>>303 East Chicago Avenue
>>Chicago, Illinois 60611-3008
>>
>>(312) 503-9351
>>FAX (312) 503-1204
>>pasiphae@northwestern.edu

Susan Wishnetsky
Electronic Resources Librarian
Galter Health Sciences Library
Feinberg School of Medicine, Northwestern University
303 East Chicago Avenue
Chicago, Illinois 60611-3008

(312) 503-9351
FAX (312) 503-1204
pasiphae@northwestern.edu
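
The arrangement asked about in this thread, where the library authenticates the user and then supplies the product's password itself so the user never sees or types it, can be sketched as a server-side broker. This is an added example, not part of the original messages or any library's actual system; the names `Broker`, `VENDORS`, `fake_vendor`, the `vendor.example` URLs and all credential values are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed sample values; a real deployment loads these from a secrets store.
SESSION_KEY = b"constructed-demo-key"
VENDORS = {"journal-x": {"base": "https://vendor.example", "username": "libacct",
                         "password": "shared-vendor-password"}}

def sign_session(user):
    """Token the library issues after its own (university) login succeeds."""
    mac = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"

def verify_session(token):
    """Return the user name if the token's MAC is valid, else None."""
    user, _, mac = token.rpartition(".")
    good = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    return user if user and hmac.compare_digest(mac.encode(), good.encode()) else None

class Broker:
    """Logs in to the vendor server-side; the browser only ever talks to the broker."""
    def __init__(self, transport):
        self.transport = transport   # callable(url, form_body, cookie) -> (status, cookie, html)
        self.vendor_cookie = {}      # resource id -> vendor session cookie, never sent to users

    def fetch(self, token, resource, path):
        if verify_session(token) is None:
            return 403, "library login required"
        vendor = VENDORS.get(resource)
        if vendor is None:
            return 404, "unknown resource"
        if resource not in self.vendor_cookie:
            # The "macro" step: the broker, not the user, submits the shared password.
            form = urlencode({"username": vendor["username"], "password": vendor["password"]})
            status, cookie, _ = self.transport(vendor["base"] + "/login", form, None)
            if status != 200 or not cookie:
                return 502, "vendor login failed"
            self.vendor_cookie[resource] = cookie
        status, _, html = self.transport(vendor["base"] + path, None, self.vendor_cookie[resource])
        return status, html

def fake_vendor(url, form_body, cookie):
    """Constructed stand-in for the vendor site so the example runs offline."""
    if url.endswith("/login"):
        sent = parse_qs(form_body or "")
        ok = sent.get("password") == [VENDORS["journal-x"]["password"]]
        return (200, "vsess=abc123", "") if ok else (401, None, "")
    return (200, None, "<h1>Article 42</h1>") if cookie == "vsess=abc123" else (401, None, "")
```

Because the password and the vendor session cookie stay on the broker, a user who passes library authentication receives only the relayed page and has nothing to copy down or pass along.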