Systems Basics – The Password List

In the initial days of my job, I ran into a serious snag that took several weeks of work to resolve. Almost all databases have an admin section where you can get usage data, create links to other databases and OpenURL resolvers and update the look and feel of the databases.

You guessed the problem…. I had no passwords.

Many of these passwords were stashed in files, in purchase orders and in other librarians offices. I was able to assemble some passwords and a basic outline of our databases over a few weeks before the staff went on vacation. The rest, I had to send sheepish emails to our vendors to get those passwords reset.

That was an unpleasant experience, one that I would prefer to avoid in the future.

My first solution to this problem was a basic list. I created 3 major lists, ILS passwords, Service passwords, and Vendor passwords. This allowed me to consolidate the many little pieces of paper scrawled with passwords that lay cast upon my desk. This list remained my ‘scribble list’ as we canceled databases, added new users and discovered (many, many) expired logins.

The second, and more permanent solution is KeePass.

KeePass is a password manager, a password generator and a safe, permanent way to control all the passwords a systems librarian has to keep track of.

For personal use, KeePass is an excellent program to use if you need to control a large number of complex passwords. For librarians… well, let’s just say a half-way competent hacker could make a total hash of any ILS currently on the market, especially with the way most of them remain illconfigured and unupdated. KeePass is secure, but it also allows one to export the data in a number of different ways, back up the database, and it’s portable. I keep two backups of my password database, one encrypted in my work email and two paper copies in separate locations. This may be paranoid, but it’s saved my data on three separate occasions. Paper copies don’t get corrupted.

You can carry around all your passwords on your memory key, or keep them on the remote drives provided by most IT departments. If you’re using a memory key, I also recommend the very cool launcher known as For the paranoid among you, this app is tightly integrated with truecrypt for an extra level of protection.