Against the Grain
Volume 19 | Issue 2 Article 38
April 2007 Drinking From the Firehose -- Too Many Passwords, Too Little imeT Eleanor I. Cook Appalachian State University, [email protected]
Follow this and additional works at: https://docs.lib.purdue.edu/atg Part of the Library and Information Science Commons
Recommended Citation Cook, Eleanor I. (2007) "Drinking From the Firehose -- Too Many Passwords, Too Little imeT ," Against the Grain: Vol. 19: Iss. 2, Article 38. DOI: https://doi.org/10.7771/2380-176X.5078
This document has been made available through Purdue e-Pubs, a service of the Purdue University Libraries. Please contact [email protected] for additional information. Drinking From The Firehose — Too Many Passwords, Too Little Time Column Editor: Eleanor I. Cook (Appalachian State University, Boone, NC)
he number of passwords that the average what. The only personal codes I don’t have the best passwords are the hardest to remember librarian must have at his or her finger- to write down to remember are: My social or figure out — it’s rather thatDr. Cazier has Ttips has grown by leaps and bounds in security number, my home and work telephone actually demonstrated this in an empirical way recent years and there is no end in sight. This numbers, and my ATM PIN. I also can usually that can’t be ignored. is a fact of life and we must find a way to recall my main email user name and password In one study, Joseph Cazier and Dawn manage them better. I suspect there are many and my library ILS username and password but Medlin used a real data set of customer pass- people in other professions facing a similar I use these everyday and I have these written words from an e-commerce system to analyze challenge. IT system administrators and bank down in the same place I have all the other the strength of the passwords. They were able managers and well, just about anyone who codes I’ll never remember, because I believe to crack a majority of the passwords in a rela- shops or pays bills online with any regularity it is my responsibility to make sure that if tively short period of time.2 In another study will find themselves collecting a hodgepodge something bad happens to me, that someone by the same authors, password choices were of passwords to recall. can get in there if necessary. analyzed by gender and trends for password The experts often say that you should never As a librarian and faculty member at a development were discussed.3 write down passwords. Excuse me? As of this university, I am not held to the same strict If you think you are alone in using your writing, I have 97 unique (almost) passwords security standards as people who work in the children, grandchildren or pet names as — 34 of them are for travel and shopping private sector. I have heard some interesting passwords, think again. Apparently the most sites, 23 of them are for credit cards and other stories about how strictly passwords are man- popular constructs for password creation personal finance and ID purposes, and 40 of aged out there in the include these categories: family names; fan them are specifically library work-related. “real” world and while names, such as sports teams or entertainment To this latter category I add regularly as it makes me shudder characters; fantasy aspects, including sexual we increase the number of databases and (and wonder); allusions (remember the commercial with the e-journal platforms. Therefore, that advice I can respect guy on the train trying to quietly tell the per- is completely unhelpful to me, as there is their need for son on the other end that his password is “big no way on this earth I could possibly keep more security boy”?) and then finally, cryptic combinations, up with this many secret codes, no matter in some cases. which is what is considered the best practice But so often, for development of passwords. In addition, the companies are categories of “Faith,” “Place,” and “Numbers” moving the li- figure prominently in the way people develop ability back onto the individual, so not to have passwords.4 Library Marketplace to take the heat. Why is it a problem to use these kinds of from page 81 With identity theft such a serious problem, passwords? They are easy to guess and the what are we to do? In order to explore this topic people trying to guess them are using many column on “sleepers” in used bookstores. You with more rigor, I decided to do a little research. clever ways to get at your passwords. Besides will be surprised at how much some seemingly I found a number of articles in the popular lit- running software programs looking for com- common books are selling for. erature about the way passwords are developed mon passwords (which is one method) another and what the best practices are, but this did not Bibliophile Bullpen they recently listed all disturbing but growing method is referred to satisfy me completely because some of the as “social engineering.” Social engineering is of those “unlisted” 800#’s for customer service advice was the same old thing — don’t write at places like Amazon. the term used when sensitive information is them down, and make them unique and hard to obtained simply by asking for it — sometimes Bookstore Tourism (http://bookstoretour- crack.1 Ok, I sort of know this intuitively, but directly but other times under the guise of some ism.blogspot.com/) What a great site! Larry it is too difficult to do this, right? We are all other inquiry for which the victim doesn’t Portzline’s passion for books shows through lazy about the way we develop our passwords, understand the real purpose. in every post. Recent article included one on but does it really matter? 5 the founding of some new “Book Towns” and a In an article soon to be published, Cazier But then, I met someone who changed and Botelho report on a study they conducted discussion of the merits and demerits of writing my thinking entirely. A colleague of mine in the margins of one’s own books. recently in a metropolitan area. They set up at Appalachian State University has done a table in front of a large financial institution And last, but not least, Publishing Insider, some really interesting research that captures in a downtown area. Presumably, individuals the blog of Carl Lennertz at Harper Collins. the essence of the problems we face with the working at such a company would have re- His site is notable for its “insider” approach world of passwords. Dr. Joseph Cazier has ceived a modicum of security training concern- and also for its great set of links to even more several scholarly articles already published ing passwords and the like. The researchers blogs. The universe of book and literary blogs concerning password security issues and in his did not hide where they were from or what is an important way to stay in touch with the most recent study he has demonstrated some they were doing — they identified themselves real thing, books. disturbing trends in the behavior of every-day as university researchers and said that they And just for fun, check out these book citizens that points to the real need we all have were conducting a study about passwords. related film clips on YouTube: “Introducing for being more careful about how we construct They asked people if they wished to fill out Le Book,” “Signed 1st Edition,” “March of the passwords that serve as barriers to our most a survey and offered them candy, and also a the Librarians.” sensitive personal information — our bank chance to win a free dinner at a local restaurant Special thanks to Kevin Hanover at Da records, our email accounts, our financial and for completing the survey. They then repeated Capo, Christine McCarthy at Merriam- health records, and so on. the study in front of a major hospital (another Webster, Stephen Bozich at H.W. Wilson, Dr. Cazier is certainly not the first person institution where employees are assumed to Bill Kane at Alibris, Rolf Janke at Sage, Jon to explain this to me, least my systems col- have a higher than average understanding of Clayborne at Elsevier and Adam Chesler at leagues at the Library feel slighted for essen- security issues). They also repeated the study the American Chemical Society for their help tially telling my coworkers and me the same with a population of students. and suggestions. thing. It’s not that I didn’t already know that continued on page 83 82 Against the Grain / April 2007
Lead, Follow, or Get Out of the Way: Management Succession in Libraries by Rick Lugg and Ruth Fischer (Partners, R2 Consulting, 63 Woodwell’s Garrison, Contoocook, NH 03229; Phone: 603-746- 5991; Fax: 603-746-6052)
uring a recent R2 project at Carleton e-resources workflow. The next, I was mentally “Are we in the way?” College in Northfield, Minnesota, I transformed into “boomer dude,” scrambling Libraries are good places to work, and Dinterviewed Chris Sinkler-Miller, to keep up with a smart Gen X-er, and trying boomers are staying longer in key positions, the Periodicals/E-Journals Specialist. Chris not to show it. It’s a moment lots of us are sometimes settling in and making them aw- manages SFX for the Bridge, a catalog shared facing right now. fully comfortable. Consider these statistics, by Carleton and St. Olaf College. She has At Sea-Tac Airport, headed home from drawn from Stanley Wilder’s excellent “De- obviously mastered the SFX knowledgebase, ALA, I had a related conversation with a thirty- mographic Change in Academic Librarianship” linking, e-resource cataloging and holdings something hot-shot who ranted about impend- (Washington DC, Association of Research maintenance — all those tasks that help users ing retirements in libraries and at vendors: “All Libraries, 2003.) find the electronic content they so desire. these gray-hairs keep talking about retirement • In 1986, 43% of ARL Directors were un- At the time we spoke, Northfield had just — well, stop talking and just go, already!” der 50 years old; in 2000, a mere 5%. experienced a world-class hailstorm, with the Within a week of that, while viewing the natu- • In 1985, 44% of Directors had more than Minnesota sky dropping ice bombs “the size of ral history “March of the Librarians” (http:// 24 years of professional experience; in grapefruits,” and causing massive damage to www.youtube.com/watch?v=Td922l0NoDQ), 2000, 86% boast such longevity. roofs and vehicles. Most staff members were I was forcibly struck by the gimpiness, gray- The very idea that someone in her late driving rental cars, and Chris was no excep- ness, baldness, and generally slow pace of thirties or early forties, with 10-15 years of tion. Her temporary ride was a Chrysler PT our tribe. experience, would take over as the director of Cruiser. Personally, I got a kick out of these Wake-up calls are flooding the switchboard, a major library seems almost incomprehensible slightly quirky vehicles when they first came folks! We really are getting old. And while to us now. When discussing promotions or suc- out, and made an innocuous remark to this ef- we can and should argue that experience brings cession with library administrators, the phrase fect. Chris replied, “I hate it. It context and clarity; we most often hear is “she’s not ready.” makes me feel like a boomer.” that years bring per- There’s often some truth to this assertion. So there it was, my “mo- spective and political skill; and that active In recent years, our profession has witnessed ment of Zen”, to borrow Jon a flattening of library organizations, resulting Stewart’s phrase. One moment, aging brings judg- ment and balance, in fewer middle management positions. There we were professional peers, are some missing rungs on the old career lad- looking for improvements in the we also have to ask ourselves honestly: continued on page 85 84 Against the Grain / April 2007