Re: Dealing with password authenticated online content James, Richard 31 May 2007 12:17 UTC

I think that the key concept is "reasonable efforts". Having the
passwords securely located at the ref. desk is probably as much as a
library should be reasonably expected to do. What students do with the
passwords is not within the control of the library, and the question
remains as to our need to assume that we are responsible for that
action, or indeed, whether we suffer such harm as to require a
commitment of our resources and expertise into finding a "solution" .

-----Original Message-----
From: SERIALST: Serials in Libraries Discussion Forum
[mailto:SERIALST@LIST.UVM.EDU] On Behalf Of Hutchens, Chad
Sent: Wednesday, May 30, 2007 12:21 PM
To: SERIALST@LIST.UVM.EDU
Subject: Re: [SERIALST] Dealing with password authenticated online
content

The downside is that you just can't tell a provider/publisher that
they're a loser in this when they come knocking on your door because the
passwords to your licensed resources get posted on an internet board
that's publicly accessible.

What I'm saying is that most publishers/providers require libraries (in
some sort of license) to make reasonable efforts to keep
usernames/passwords accessible only to authorized users.  Like I said,
posting these anywhere, even if that location is secure, does not
address what people will do with those usernames/passwds once they've
got them.

The best solution would be to have some automated authentication method
where the user can't see the username/passwd combo at all.  It's best
for the users (doesn't make them remember anything) and for the library.
I don't know of such a system however.

Respectfully,

Chad Hutchens

-----Original Message-----
From: SERIALST: Serials in Libraries Discussion Forum on behalf of
James, Richard
Sent: Tue 5/29/2007 6:41 PM
To: SERIALST@LIST.UVM.EDU
Subject: Re: [SERIALST] Dealing with password authenticated online
content

Granted that IP identification is better than password authentification,
but- is there any pressing need to be concerned with keeping the
passwords confidential? The provider is the loser, in so far as there is
a loser in this scenario. What is the downside to a library of having
the password for some part of its resources being widely available? It
seems less like a problem and more like mission fulfillment.

RIchard James
(Just my personal opinion etc. not that of my employer)

>-----Original Message-----
>From: SERIALST: Serials in Libraries Discussion Forum on behalf of Toni
Fortini
>Sent: Tue 5/29/2007 4:25 PM
>To: SERIALST@LIST.UVM.EDU
>Subject: Re: [SERIALST] Dealing with password authenticated online
content

>Chad brings up a good point: the problem with password authentication
is
>the inability to keep passwords confidential.