Re: Dealing with password authenticated online content James, Richard 31 May 2007 12:17 UTC
I think that the key concept is "reasonable efforts". Having the passwords securely located at the ref. desk is probably as much as a library should be reasonably expected to do. What students do with the passwords is not within the control of the library, and the question remains as to our need to assume that we are responsible for that action, or indeed, whether we suffer such harm as to require a commitment of our resources and expertise into finding a "solution" . -----Original Message----- From: SERIALST: Serials in Libraries Discussion Forum [mailto:SERIALST@LIST.UVM.EDU] On Behalf Of Hutchens, Chad Sent: Wednesday, May 30, 2007 12:21 PM To: SERIALST@LIST.UVM.EDU Subject: Re: [SERIALST] Dealing with password authenticated online content The downside is that you just can't tell a provider/publisher that they're a loser in this when they come knocking on your door because the passwords to your licensed resources get posted on an internet board that's publicly accessible. What I'm saying is that most publishers/providers require libraries (in some sort of license) to make reasonable efforts to keep usernames/passwords accessible only to authorized users. Like I said, posting these anywhere, even if that location is secure, does not address what people will do with those usernames/passwds once they've got them. The best solution would be to have some automated authentication method where the user can't see the username/passwd combo at all. It's best for the users (doesn't make them remember anything) and for the library. I don't know of such a system however. Respectfully, Chad Hutchens -----Original Message----- From: SERIALST: Serials in Libraries Discussion Forum on behalf of James, Richard Sent: Tue 5/29/2007 6:41 PM To: SERIALST@LIST.UVM.EDU Subject: Re: [SERIALST] Dealing with password authenticated online content Granted that IP identification is better than password authentification, but- is there any pressing need to be concerned with keeping the passwords confidential? The provider is the loser, in so far as there is a loser in this scenario. What is the downside to a library of having the password for some part of its resources being widely available? It seems less like a problem and more like mission fulfillment. RIchard James (Just my personal opinion etc. not that of my employer) >-----Original Message----- >From: SERIALST: Serials in Libraries Discussion Forum on behalf of Toni Fortini >Sent: Tue 5/29/2007 4:25 PM >To: SERIALST@LIST.UVM.EDU >Subject: Re: [SERIALST] Dealing with password authenticated online content >Chad brings up a good point: the problem with password authentication is >the inability to keep passwords confidential.