|
Definitions
Password
Codes which are second level of authentication in order to defend against
unauthorized use of a particular application. They should be unique to the
individual user. Their length and whether they can be composed of letters
and/ or numbers is controlled by the application for which they are entered.
They do not show on the screen when typed.
Passwords should be carefully chosen as their purpose is to protect
unauthorized use. They should not be easy to guess, nor should they be
shared or recorded in a place they can be easily found. creating and using
passwords. They URL below applies specifically to WAM accounts but
can be applied to any account. Please read and follow these guidelines:
http://www.inform.umd.edu/CompRes/NewStudents/victim.htm
Authorization codes:
A public code which identifies the user to the application. This is
usually the first code and required to gain access to an application.
Because they are public, and frequently based on the users' name, they
provide limited protection against others trying to access someone
else's information.
Log-On Scripts
Screens which pop-up to guide a user through the process of getting
into an application. The screens prompt for codes to be entered to
identify who the user is.
General Principles
These principles apply to any use of UM Libraries computers. Some
examples of where these principles apply are: access to OLCLC, email,
the UM Libraries integrated library system software, and certain web
sites which require a user to provide information about their identity,
such as, Travelocity.
Passwords
Passwords are not to be made part of log on scripts. In other words,
do not include a password as part of anything the computer automatically enters
for you. Doing this is called "embedding" and defeats the purpose of having a
password as anyone sitting at that computer will be automatically logged in as you.
Placing passwords in scripts causes them to be stored on a file on the computer.
Since all TSD staff computers are linked to the internet , these log on files can
be read by anyone with internet access, making the password vulnerable to theft
and unauthorized use. When computers migrate to other owners if the password
files are not removed, inappropriate access is provided to the next owner. If
another person uses your computer and you have stored all your access
information on the computer, should that person do something in violation of
campus fair use policies, it will be difficult, if not impossible, to prove
you were not the offender.
Passwords in all applications should be changed several times a year.
Passwords should conform to safe practices, i.e., not consist of names
or birth dates of family members, names of pets or any other entity which
can be easily associated with you. The safest passwords consist of
combined number and letter strings. Consult the URL listed in the
definitions for additional hints.
Authorization Codes
Authorization codes may be embedded in, i.e., made part of, log on scripts
as long as there is another code which must be entered to access the software
application.
Generic Codes Policy
Supervisors have access to a very limited set of generic codes for student
workers. Supervisors are responsible for keeping permanent records of what
students were assigned generic codes and the time during which they were in use.
Specific Cases
Electronic Mail
Authorization IDs are assigned by the system post master for UMAIL (i.e.,
zz99) Individuals can chose their own for WAM and DEANS, but once chosen,
they are permanent. Although UMAIL itself requires authorization and passwords
to be manually entered, other clients for UMAIL do permit log-on scripts.
SIMEON is one such example. Authorizations can be added to a script. In the
screen below, the check in the box for "Use login as session default" enables the
User name to be stored permanently.
- Passwords are chosen by the individual and are never to be part of a script.
- Example of Simeon log-on. User name can be automatically provided.
Do not automatically provide Password.
SIMEON offers the opportunity to store id and passwords via the Tools,
Options, Edit Options screen. When editing User preferences, do NOT check the
box for "Save user id and password to File".
Integrated Library System
Bibliographic and holdings edit passwords are requested by the supervisor
via the Head of Catalog Management and are assigned by ITD staff. Acquisitions
passwords are requested via the Head of Acquisitions and activated by ITD staff.
The current ILS requires manual entry of both authorizations and passwords.
Web site passwords
Some web sites ask for a password or user ID. Clear your browser cache
at the end of the session if personal information was entered.. If you do not know
how to do this, or understand what this means, please talk to your department's
technology representative. Ask for help if needed. Websites can use the
information you entered to track your use of the web site just visited and any
others visited subsequently. If a web site gives a choice to remember the user id
or password, always answer "No".
Example of web site which asks for login and password information:
PCs
The Windows operating system offers an option to select a password which must
be entered any time the computer is turned on. TSD staff are never to establish a
password for Windows. It prevents others from using library-owned equipment in
emergencies. Establishing a password also obstructs use of the machine when it migrates
to another staff person.
OCLC Passport
Authorization codes and passwords are maintained and requested by the Head of
Cataloging. Passwords will be changed periodically.
| 
