<div dir="ltr">I'm not going to comment on an individual library's password policy. But I'd like to mention Keepass (and its compatible derivatives) as a free, open source, cross platform, and widely supported password manager database. I started off with Keepass on Windows many years ago and when I transitioned to GNU/Linux, I switched to KeepassXC, which is very similar to the Windows based Keepass and uses the same database. I also use an Android app on my phone that uses the same encrypted database (stored on Google Drive and synced between my GNU/Linux distro and my phone). Being one of the top four password managers (at least as of 2017, according to Wikipedia), I have no problems suggesting use of Keepass for securely storing passwords.<div><div><br></div><div>As a nod towards your needs, the Keepass database is stored on a local file system rather than the cloud. So as long as your frontend has R/W access to the file system, you should be able to open a shared database file for shared passwords. I just happen to use Google Drive between my phone and computer because I use an android phone and it's native. But a shared network drive should work for staff computers. YMMV, depending on your own needs/situation. But it might be worth a look.</div><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>______________________________<br><b>Chad Neeper</b><br><font size="1">Senior Systems Engineer</font><br><br><b>Level 9 Networks</b><br><font size="1">740-548-8070 (voice)<br>866-214-6607 (fax)</font><br><br><font size="1"><i>Full IT/Computer consulting services -- Specialized in public libraries</i></font><br></div></div></div></div></div></div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Oct 8, 2020 at 1:56 PM Phil Shirley via OPLINTECH <<a href="mailto:oplintech@lists.oplin.org">oplintech@lists.oplin.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Does your library have a policy about the proper way (and
unacceptable ways) to store passwords? Do you know of any such
policy from OLC or some other library organization?</p>
<p>I've seen frameworks for developing your own security policies,
but I'd like something quick and easy, to be able to say "so and
so library does this or that."<br>
</p>
<p>Something that was on my list for this year was to develop
security policies like this and get them officially approved so
that I could enforce them easily. Obviously, plans for 2020
changed. In the absence of a policy like that, I'd like to have
something more than "Phil says you should/shouldn't do this" for
issues beyond taping your password to your monitor or hiding it
under the keyboard.</p>
<p>The main issue is passwords for shared accounts, which I of
course try to minimize but can't completely eliminate. At least
one department has passwords in their printed manual, which of
course means they're saved in a Word document somewhere
(unencrypted I'm sure), and some departments are moving their
documentation to our Google-based intranet.</p>
<p>I plan to suggest that staff use a password manager. I would love
to have a subscription to a business-level one where things could
be managed centrally, including pushing out changes to shared
passwords, and I see that TechSoup now has Dashlane Business, but
I think I'll have to settle for free, individual subscriptions,
which would still be a lot better than nothing. So far I've only
found one library that pays for a business-level password manager.<br>
</p>
<p>I would appreciate any thoughts you have about any of this.<br>
</p>
<p>Phil<br>
</p>
<p class="MsoNormal" style="line-height:115%"><b><span style="font-family:Arial,sans-serif">Phil Shirley</span></b><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif"><br>
<i>IT Manager</i><br>
<b>Cuyahoga Falls Library</b></span><span style="font-size:9pt;line-height:115%;font-family:Arial,sans-serif"></span><span style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif"><br>
<b>p.</b> 330.928.2117 x109 <b>e.</b> <a href="mailto:pshirley@cuyahogafallslibrary.org" target="_blank">
<span style="color:windowtext;text-decoration:none">pshirley@cuyahogafallslibrary.org</span></a>
<br>
<b>w. </b><a href="http://www.cuyahogafallslibrary.org/" target="_blank"><span style="color:windowtext;text-decoration:none">cuyahogafallslibrary.org</span></a>
<b>a. </b>2015 Third Street, Cuyahoga Falls, OH 44221</span></p>
<p class="MsoNormal"><a href="https://www.facebook.com/fallslibrary/" target="_blank"><span style="font-size:10pt;font-family:Arial,sans-serif;color:windowtext;text-decoration:none"><img id="gmail-m_-1149316980794425800Picture_x0020_5" src="cid:175095ed226644e7a491" width="24" height="24" border="0"></span></a>
<span style="font-size:10pt;font-family:Arial,sans-serif"> </span><a href="https://twitter.com/FallsLibrary" target="_blank"><span style="font-size:10pt;font-family:Arial,sans-serif;color:windowtext;text-decoration:none"><img id="gmail-m_-1149316980794425800Picture_x0020_6" src="cid:175095ed2277cd6c9ce2" width="24" height="24" border="0"></span></a><span style="font-size:10pt;font-family:Arial,sans-serif"> </span><a href="https://www.instagram.com/fallslibrary/" target="_blank"><span style="font-size:10pt;font-family:Arial,sans-serif;color:windowtext;text-decoration:none"></span></a></p>
</div>
_______________________________________________<br>
OPLINTECH mailing list<br>
<a href="mailto:OPLINTECH@lists.oplin.org" target="_blank">OPLINTECH@lists.oplin.org</a><br>
<a href="http://lists.oplin.org/mailman/listinfo/oplintech" rel="noreferrer" target="_blank">http://lists.oplin.org/mailman/listinfo/oplintech</a><br>
<br>
*** *** Wondering if your library's website measures up to current best practices in web design? <a href="https://oplin.ohio.gov/services/audits" rel="noreferrer" target="_blank">https://oplin.ohio.gov/services/audits</a> *** ***<br>
</blockquote></div>