or, The Hitchhiker’s Guide to Fear and Loathing at a Public Library Reference Desk

## Creating Better Passwords By Knowing How They’re Cracked

October 1st, 2014 Brian Herzog

This weekend on Twitter, @itsokayihaveabook linked to a great article on the current thinking for choosing a secure password. I don't keep up with this stuff all the time, but every so often I will check in to see what the developments are. If you only read one password security article this year, this is a good candidate.

I liked this one because it wasn't just preachy-talky on why good passwords are important - the author explains how password hacking works, and gives advice based on that to create better passwords.

Some things not to do:

• don't use words: password guessing software crunches through multiple dictionaries at unbelievable speeds, so even nonsensical word combinations will eventually be guessed
• don't use personally-identifiable information: many aspects of our lives are online, and hackers will use everything they know about us when guessing passwords - so don't use addresses, phone numbers, birthdates, schools, mascots, relatives' names, etc
• don't be common: there's lots of standard passwords (like paw0rd, temp1234, i<3book$, etc) that are incorporated into password-guessing - even though it looks tricky to the eye, if other people are using it, chances are the hackers will try it
• don't reuse passwords: with corporate-level security breaches, even a good password might be compromised through no fault of your own. But if you use the same good password for all your accounts, once the hackers get it from Home Depot or Target or wherever, then it's much easier for them to get into your PayPal and Amazon and bank accounts

So here's what he feels you can do - the "Schneier scheme":

So if you want your password to be hard to guess, you should choose something that this process will miss. My advice is to take a sentence and turn it into a password. Something like "This little piggy went to market" might become "tlpWENT2m". That nine-character password won't be in anyone's dictionary. Of course, don't use this one, because I've written about it. Choose your own sentence -- something personal.

The entire article is worth reading. But his bottom-line takeaway is kind of scary: "Pretty much anything that can be remembered can be cracked."

I'm going to start recommending this technique when helping patrons set up email accounts.

Thanks Jenny!

Update 10/3/14: A reader sent me a link to another article, Why you don't need long, complex passwords. I sort of referenced the gist above, but it does a much better job of spelling out another major vulnerability. Thanks R. E.!

The bottom line of all of this seems to be that living is inherently dangerous, so live well and don't worry too much about it.

## Reference Question of the Week – 9/21/14

September 27th, 2014 Brian Herzog

This week's question is a two-fold cautionary tale: first, it illustrates the importance of ~~annunciation~~ enunciation, and second the importance of the reference interview. What I thought I heard initially was certainly not what this patron actually wanted.

A male patron calls the desk and says,

One of my wives' books is overdue - can you renew it for her?

Of course, what he meant was "One of my wife's books..." - it loses a little in the translation to typing it out, but it was pretty clear over the phone. Clearly wrong, though, and it made me laugh. It also reminded me of the joke about the importance of the Oxford comma.

But, item renewed, so everyone is happy (in a very non-polygamous sort of way).

## Job Opportunity: MVLC Assistant Executive Director

September 24th, 2014 Brian Herzog

My library is a part of the Merrimack Valley Library Consortium, and the consortium is looking for a new Assistant Executive Director. It's a great job - details below and on the state library jobs website.

Duties/Description:

The Assistant Executive Director has a unique opportunity to effect a positive change on the consortium's user support operations. This will have a profound impact on the consortium's relations with its member library community. As the go-to person for the Executive Director he or she will think creatively to solve problems while coordinating all day to day user services operations, training workshops, and other user support programs. The Assistant Executive Director consults with member library staff and consortia user groups to determine how well their automation needs are being met. The Assistant Executive Director collaborates with the Executive Director, MVLC user groups, and the MVLC Executive Committee in the development and implementation of long and short range strategic plans. The Assistant Executive Director will act in the place of the Executive Director in the absence of same.

Duties and Responsibilities:

• Will assume duties of the Executive Director in absence of same in overseeing daily operations and assigned duties.
• Supervises help desk staff and cataloging staff. Directs and oversees technology services staff in all activities related to customer support operations.
• Designs and evaluates consortia wide staff training and documentation for new and existing technologies (Integrated Library System, eContent, Internet services, etc.). Designs and evaluates training documentation for member libraries to use with patrons.
• Provides direct consultation and troubleshooting to library staff relative to their use of the automation systems.
• Collaborates with the Executive Director, Assistant Director for Technology Services, and appropriate member library user groups in the analysis, evaluation, implementation, configuration, and selection of automation products and services that benefit member libraries.
• Oversight, selection, and management of the consortium's trouble ticketing system. Provides the Executive Director and appropriate committees coherent statistics related to the ticketing system.
• Designs and publishes public relations articles and the network's newsletter. Updates MVLC Membership Directory. Develops and maintains MVLC's public and internal web sites and wikis.
• Attends appropriate committee meetings and serves as liaison for network staff and member libraries for all user applications.
• Advises and assists in the planning and implementation of grant proposals.
• Ensures that the consortium staff is providing effective communication and quality customer service to member libraries. Effectively cooperates and communicates with fellow coworkers, vendors, and patrons.
• Responsible for consortia wide development of eContent collections. Provides member libraries with detailed evaluation, documentation, training, and statistics for shared eContent Collections.
• Performs other relevant duties as assigned; may include some night and weekend duties.

Work Environment:

General office environment with air conditioning and fluorescent lighting. Requires operation of vehicle to attend off site meetings. The noise level in the work environment is low. Moderate levels of stress may occur.

Physical Demands:

May spend extended periods at workstations performing tasks requiring eye-hand coordination, finger dexterity, and extensive keyboarding and viewing of computer screens. Requires ability to access, input, and retrieve information from a computer. Answer telephones and maintain multiple files. Periods of standing may be required during training sessions. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Qualifications:

• ALA accredited MLS
• Three to five years public service and automation experience, including supervisory and administrative
• Excellent oral, written and interpersonal communication skills
• Proven customer service orientation
• Positive attitude and flexibility
• Knowledge of PC environment
• Public library experience desirable

Salary: $66,924 - $88,780, in ten steps

Closing Date: Until Filled

Send: Email a resume, cover letter, and the name, address, e-mail address, and telephone number of three professional references to egraham@mvlc.org.


## Reference Question of the Week – 9/14/14

September 21st, 2014 Brian Herzog

This ended up being one of those very rare reference questions where initially it seems like a million-to-one shot, and ends up very casually being that one in a million. This email request came to the reference desk:

Submitted via Chelmsford Library Reference Question.

Allan Daniel Clark, from (born\in North Clemsford, MA Born june 19, 1924, Father Shirley John - Mother Lela M. Lord Clark Enlisted in the US Navy on jan 27, 1953 at Boston, MA Lost on the submarine USS Swordfish (SS-193) --- This man's photo is needed for use with his published Memorial record in the set of six volumes of all the known men lost while attached to a US Submarine Command during World War II. Photos may be in local newspapers of school yearbooks, etc.

That sounds like a great project. My library does have a collection of Chelmsford High School yearbooks, but unfortunately it's not complete. And of course, the further back you go, the more gaps there are in the collection.

But by doing some estimation - someone born in 1924 would be 18 in 1942 - I guessed the yearbooks we'd need would be in the 1940-1943 range. According to the catalog that should be no problem, but when I got to the shelf the only one from that period that was actually there was 1942 - not great odds.

Also, it turns out that Chelmsford High only included photos of the seniors in the yearbooks, with other classes only having their names listed.

But, despite the odds, this was indeed the correct yearbook, and Allan Daniel Clark was right there at the bottom of the page:

I was rather surprised, but very happy. I emailed the patron some scanned versions of the page, as well as contact information for the High School to see about copyright permission. I felt really good about being able to answer this question, but even still I was expecting the inevitable reply:

Thank you for your efforts on locating photos. For your reference, I am attaching a description of the six volume series.

Although I wish him well with this project, the library will not be purchasing this six volume series.


## Libraries Holding Privacy Literacy Workshops for Patrons

September 18th, 2014 Brian Herzog

You may have seen this, but it bears cross-posting:

Librarians in Massachusetts are working to give their patrons a chance to opt-out of pervasive surveillance. Partnering with the ACLU of Massachusetts, area librarians have been teaching and taking workshops on how freedom of speech and the right to privacy are compromised by the surveillance of online and digital communications -- and what new privacy-protecting services they can offer patrons to shield them from unwanted spying of their library activity.

It's important also to know this isn't a one-time have-a-workshop-and-everything-is-fixed situation. Online privacy and security evolve constantly - a good example is Overdrive's recent announcement of changes to their app.

On the one hand they said they can do away with Adobe IDs, but on the other they want to start forcing patrons to register with Overdrive. It's increasingly common for patron information to be controlled by third parties, but it's still not a good thing - and definitely something patrons should know about. And if it's not their librarians telling them, who will?

Thanks for pushing this, Alessandro!


## Reference Question of the Week – 9/7/14

September 13th, 2014 Brian Herzog

This whole interaction made me laugh, but I have to call Spoiler Alert for anyone who hasn't read Be careful what you wish for by Jeffrey Archer - because this question does reveal the ending (I think).

A patron called in on a cell phone (with driving noises in the background) asking if there's a book after Archer's Be careful what you wish for. While I'm checking our catalog (which has Novelist Select built into the pages to list books in series order) the patron says [and this is the spoiler],

Everybody just blew up and the book ended so there's got to be a sequel.

When I get to the record I tell him it was just released in 2014 and is the fourth book in the series, but the fifth book isn't out yet. The patron's reaction could have caused an accident:

What? You mean they're going to make me wait? I just finished the last CD and I want to find out what happens next!

I couldn't help but laugh. It's honestly a joy to hear someone so into a story.

At least I could tell him book five, Mightier than the Sword, is due out in February 2015. I haven't read any of these, but if this patron is so excited about them I think maybe I should. Any audiobook that caused someone to call the library immediately after the last disc ends has got to be good.


Hiya. My name is Brian Herzog, and I am, among other things, a reference librarian at a public library in MA, USA.