Re: Dealing with password authenticated online content
Hutchens, Chad 30 May 2007 16:21 UTC
The downside is that you just can't tell a provider/publisher that they're a loser in this when they come knocking on your door because the passwords to your licensed resources get posted on an internet board that's publicly accessible.
What I'm saying is that most publishers/providers require libraries (in some sort of license) to make reasonable efforts to keep usernames/passwords accessible only to authorized users. Like I said, posting these anywhere, even if that location is secure, does not address what people will do with those usernames/passwds once they've got them.
The best solution would be to have some automated authentication method where the user can't see the username/passwd combo at all. It's best for the users (doesn't make them remember anything) and for the library. I don't know of such a system however.
Respectfully,
Chad Hutchens
-----Original Message-----
From: SERIALST: Serials in Libraries Discussion Forum on behalf of James, Richard
Sent: Tue 5/29/2007 6:41 PM
To: SERIALST@LIST.UVM.EDU
Subject: Re: [SERIALST] Dealing with password authenticated online content
Granted that IP identification is better than password authentification, but- is there any pressing need to be concerned with keeping the passwords confidential? The provider is the loser, in so far as there is a loser in this scenario. What is the downside to a library of having the password for some part of its resources being widely available? It seems less like a problem and more like mission fulfillment.
RIchard James
(Just my personal opinion etc. not that of my employer)
>-----Original Message-----
>From: SERIALST: Serials in Libraries Discussion Forum on behalf of Toni Fortini
>Sent: Tue 5/29/2007 4:25 PM
>To: SERIALST@LIST.UVM.EDU
>Subject: Re: [SERIALST] Dealing with password authenticated online content
>Chad brings up a good point: the problem with password authentication is
>the inability to keep passwords confidential.