Monday, August 26, 2013

Post-password future?

Probably the single most frustrating thing in my work with students in the library is seeing them give up trying to use online subscribed resources and ebooks because 'it's all too hard'. This could be in regard to setting up accounts, forgotten passwords, slow or unreliable internet, the perception that it's complicated or too time-consuming, Google search is an easy alternative, uncertainty about how to search within and reference online materials, or a combination of these factors.

This week's ANZ 23 mobile things topic is Adobe ID. Students at the academic library where I work have to create an account with Adobe to access ebooks on the free Adobe Digital Editions software for the desktop or laptop, and also to use an ebook reader app such as Overdrive or Bluefire on a mobile device. The Adobe ID allows them to transfer books protected by Digital Rights Management (DRM) on to their computers. Next, students have to create an account with our ebook provider Ebsco, and then they have to sign in with their college password to access our online resources. That's 3 user names and 3 passwords to download their first ebook. Also, every time there is an update for an app that uses Adobe ID for authentification, the ID password needs to be re-entered. It really takes persistence! I've heard this type of cumbersome process described as a 'usability chore'.

There's no way around passwords. They are needed in the academic library context to limit access to subscription resources to enrolled students, and to connect a student with their personal information such as current checkouts. Students also need passwords to login to Mendeley reference manager, software that is installed on the library computers, their cloud-based email, individual databases in order to receive alerts, and so on - it's never-ending. In an average day at work, I login to around 15 password protected sites or programs. My computer has many of them stored, but for students using the library computers there are no stored passwords.

*A scary note on Chrome's password security - did you know that you can see every password that has been saved in the browser in the advanced settings page? And you don't need a password to get access to that! Just don't leave your computer unattended if you use Chrome and value your privacy...

Some questions circling in my mind:

Is it sensible or bad practice to suggest they use the same password for data that is not especially sensitive/confidential? (The more passwords students have to remember, the more likely it is that they will a choose a single simple password, or no password. Do you password protect your laptop/tablet/phone??)

Has my organisation made it easy to use a single login for multiple services / products?

How often does having to sign up and log in dissuade someone from accessing a service or product?

Why haven't we moved into the post-password future that has been hinted at by the likes of Google and Apple? (fingerprint logins, ring logins, etc.)

Are passwords only about security/access or are they just as much about collecting data?

Are password apps as trustworthy as they claim to be?