[OPLINTECH] Policies on how to store passwords
Phil Shirley
pshirley at cuyahogafallslibrary.org
Thu Oct 8 13:56:05 EDT 2020
Does your library have a policy about the proper way (and unacceptable
ways) to store passwords? Do you know of any such policy from OLC or
some other library organization?
I've seen frameworks for developing your own security policies, but I'd
like something quick and easy, to be able to say "so and so library does
this or that."
Something that was on my list for this year was to develop security
policies like this and get them officially approved so that I could
enforce them easily. Obviously, plans for 2020 changed. In the absence
of a policy like that, I'd like to have something more than "Phil says
you should/shouldn't do this" for issues beyond taping your password to
your monitor or hiding it under the keyboard.
The main issue is passwords for shared accounts, which I of course try
to minimize but can't completely eliminate. At least one department has
passwords in their printed manual, which of course means they're saved
in a Word document somewhere (unencrypted I'm sure), and some
departments are moving their documentation to our Google-based intranet.
I plan to suggest that staff use a password manager. I would love to
have a subscription to a business-level one where things could be
managed centrally, including pushing out changes to shared passwords,
and I see that TechSoup now has Dashlane Business, but I think I'll have
to settle for free, individual subscriptions, which would still be a lot
better than nothing. So far I've only found one library that pays for a
business-level password manager.
I would appreciate any thoughts you have about any of this.
Phil
*Phil Shirley*
/IT Manager/
*Cuyahoga Falls Library*
*p.* 330.928.2117 x109 *e.* pshirley at cuyahogafallslibrary.org
<mailto:pshirley at cuyahogafallslibrary.org>
*w. *cuyahogafallslibrary.org <http://www.cuyahogafallslibrary.org/> *a.
*2015 Third Street, Cuyahoga Falls, OH 44221
<https://www.facebook.com/fallslibrary/>
<https://twitter.com/FallsLibrary><https://www.instagram.com/fallslibrary/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20201008/01db8fa6/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: icpkpkfldhbamkmd.png
Type: image/png
Size: 1114 bytes
Desc: not available
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20201008/01db8fa6/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: epedfkhdglmaiblb.png
Type: image/png
Size: 1139 bytes
Desc: not available
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20201008/01db8fa6/attachment-0001.png>
More information about the OPLINTECH
mailing list