An option is to use a password management program (KeepassX is good because
it is cross platform) to store the passwords on the shared drive, although
of course you need to distribute the passphrase for it around.
cheers,
AC
On Mar 4, 2013 6:09 PM, "Jonathan Rochkind" <[log in to unmask]> wrote:
> Makes sense, thanks! Although leaving account/password list unencrypted
> on a shared drive seems potentially dangerous....
>
> On 3/4/2013 1:20 PM, Laura Robbins wrote:
>
>> We have a shared email account that we use for these situations. As
>> well, we have a master account/password list for all of the different
>> accounts that get created that is in a shared network folder. That
>> way if someone is out sick or on sabbatical, the information is
>> available to all of our full-time librarians.
>>
>> Laura Pope Robbins
>> Associate Professor/Reference Librarian
>> Dowling College Library
>>
>> Phone: 631.244.5023
>> Fax: 631.244.3374
>>
>> "A mind needs books as a sword needs a whetstone, if it is to keep its
>> edge." --Tyrion Lannister in A Game of Thrones by George R.R. Martin
>>
>> On Mar 4, 2013, at 11:11 AM, Jonathan Rochkind <[log in to unmask]> wrote:
>>
>> Whether it's Amazon AWS, or Yahoo BOSS, or JournalTOCs, or almost
>>> anything else -- there are a variety of API's that library software wants
>>> to use, which require registering an account to use.
>>>
>>> They may or may not be free, sometimes they require a credit card
>>> attached too.
>>>
>>> Most of them assume that an individual person is creating an account,
>>> the account will be in that individual's name, with an email address, etc.
>>>
>>> This isn't quite right for a business or organization, like the library,
>>> right? What if that person leaves the organization? But all this existing
>>> software is using API keys attached to 'their' account? Or what if the
>>> person doesn't leave, but responsibilities for monitoring emails from the
>>> vendor (sent to that account) change? And even worse if there's an
>>> institutional credit card attached to that account.
>>>
>>> I am interested in hearing solutions or approaches that people have
>>> ACTUALLY tried to deal with this problem, and how well they have worked.
>>>
>>> I am NOT particularly interested in "Well, you could try X or Y"; I can
>>> think of a bunch of things I _could_ try myself, each with their potential
>>> strengths and weaknesses. I am interested in hearing about what people
>>> actually HAVE tried or done, and how well it has worked.
>>>
>>> Has anyone found a way to deal with this issue, other than having each
>>> API registered to an account belonging to whatever individual staff
>>> happened to be dealing with it that day?
>>>
>>> Thanks for any advice.
>>>
>>
>>
>>
|