General information

The Password Dilemma

366px-Elizabeth_Montgomery_Allen_Ludden_Password_1971
Elizabeth Montgomery on the game show Password, 1971

One-on-one technology help is one of the greatest services offered by the modern public library. Our ability to provide free assistance without an underlying agenda to sell a product puts us in a unique and valuable position in our communities. While one-on-one sessions are one of my favorite job duties, I must admit that they can also be the most frustrating, primarily because of passwords. It is rare that I assist a patron and we don’t encounter a forgotten password, if not several. Trying to guess the password or resetting it usually eats up most of our time. I wish that I were writing this post as an authority on how to conquer the war on passwords, but I fear that we’re losing the battle. One day we’ll look back and laugh at the time we wasted trying to guess our passwords; resetting them again and again, but it’s been 10 years since Bill Gates predicted the death of the password, so I’m not holding my breath.

The latest answer to this dilemma is password managers like Dashlane and Last Pass. These are viable solutions for some, but the majority of the patrons I work with have little experience with technology and a password manager is simply too overwhelming.

I’ve been thinking a lot about passwords lately; I’ve read countless articles about how to manage passwords, and I don’t think there’s an easy answer. That said, I think that the best thing librarians can do is change our attitude about passwords in general. Instead of considering them to be annoyances we should view them as tools. Passwords should empower us, not annoy us. Passwords are our first line of defense against hackers. If we want to protect the content we create, it’s our responsibility to create and manage strong passwords. This is exactly the perspective we should share with our patrons. Instead of griping about patrons who don’t know their email passwords, we should take this opportunity to educate our patrons. We should view this encounter as a chance to stop patrons from using one password across all of their accounts or God forbid, using 123456 as their password.

If a patron walks away from a one-on-one help session with nothing more than a stronger account password and a slightly better understanding of online security, then that is a victory for the librarian.

What’s your take on the password dilemma? Do you have any suggestions for working with patrons in one-on-one situations? Please share your thoughts in the comments.

5 comments

  1. Marlon Hernandez

    For personal use I have Lastpass and Google Authenticator. This combo allows me to use complex passwords for every site, easy retrieval, and added layer of security.

    Thankfully at work we have a very secure login system, one major tech perk of working for a government site, so I don’t store that login in LastPass. However, because it has complex requirements I still run into coworkers that write down their passwords next to their computers (even taped under the keyboard) or on a giant spreadsheet saved on the desktop. The introduction of RSA tokens for remote access has edcuated our patrons on the importance of strong passwords and security measurements. This, in turn, led me to use RSA as an example when suggesting two-factor authentication for their personal accounts as well.

    Granted this is at a special library with a highly technical population, still I think bringing up two-factor authentication to other patron populations is useful and you could start with a simple article such as this one that provides an image gallery on how to enable two-factor on popular sites.

  2. Leanne Mobley

    Great suggestions. I really like the article you included too; very straight forward and it’s nice to find all the heavy-hitters in one place. Thanks for sharing!

  3. Kevin Bauer

    I couldn’t agree more, in fact I ran into the “first we need to reset your password,” issue today while helping a patron download eBooks. For older patrons, a piece of paper seems to be the best solution. I personally use a href=”http://keepass.com”>KeePass, and have found the Diceware technique to be useful as well.

    I’m starting to think about how to educate people about passwords. Even the patrons who remember them are often using very weak passwords.

  4. Leanne Mobley

    I agree. I think it’s best to tell older patrons to write down their passwords, keep them in a safe place, and make sure someone they trust knows where to find them too.

  5. Henry Mensch

    Stanford has implemented an interesting variation on password policies.

    I personally use Lastpass (because I hadn’t realized how many logins I had accumulated for various services–at last count over 500). I suppose it’s possible to have only a handful of services (one email, one login for the library, …) but life doesn’t work that way anymore … and sharing passwords across services is just asking for trouble.

Comments are closed.