A Few Words About Password Complexity & Your ILLiad Account

It has been common logic for some time that security is an important issue with regard to one's internet activities, and as such it has been considered standard procedure to expect users to regularly manage passwords to their online service sites. Although a case could be made to apply this reasoning to library services (such as interlibrary loan and document delivery) as well, we have never made it a crucial point to enforce any standards when creating, changing or re-setting your ILLiad password.

We have always encouraged using secure character strings, but have never made any particular requirements mandatory. We do, however, highly recommend (on a purely voluntary basis) the following oft-repeated suggestions...

* 8 to 13 characters in length.
* Include at least one each of the following: uppercase letter, lowercase letter, numeral, non-alphanumeric character (such as "#", "$", "%", "&", "?").
* Avoid using words or names in English or any other language.

For those of you "free spirits" who still insist on using names or regular words, here are some suggestions on how to disguise or camouflage them in practice...

* A name like "Mary Jane" could instead become "m@Ry|&n3".
* Words like "violin bows" could be re-cast as ">i0LjnBo3$".

These examples actually fulfil the three guidelines above, as well. Now that I've put them out there, I recommend of course that you make up your own.

It has also been suggested that you can use "sentence" strings, of the sort which you alone might conceive (and remember more easily), such as "mycatisblue". In fact, using this character string backwards, as "eulbsitacym", might work even better if you're so inclined. An argument for this kind of thinking is put forth in the following somewhat dated article: Do Sentences Make Better Passwords? Have a look, and judge for yourself.

As for passwords you definitely shouldn't use, here are a few: "1234", "abcd", "ill" (especially not for your ILLiad account).

You may also be aware that CWRU UTech currently provides its own Password Security Page, to assist you with your own campus network account use. This also serves as a good source for further advice and recommendations on passwords in general, and certainly would be relevant for ILLiad or any other online service site which you may use. Keep in mind that the location of this page is subject to change at any time--I assume no responsibility for the stability of this link.

Please be apprised that in an upcoming version of ILLiad, you will be required to update your password upon entering your login session. At the point when this upgrade has officially been put in place, you will be directed to the "Change Password" form in your account rather than to your main page. You will then need to enter your current password as well as a new password (twice), before proceeding any further.

You will not need to be concerned about any password security requirements, but you will on the other hand not be able to re-use any previous passwords either. From then on you will be prompted in the same way to change your password periodically, after a number of days yet to be determined--most likely every 180 days.

As always, we hope this is helpful, and prepares you for what is to come in the near future.

Questions or concerns about ILL or ILLiad? Please feel free to contact the ILL staff at KSL by phone at 216-368-3463 or 216-368-3517, or by e-mail at smithill@case.edu.

Trackbacks

Trackback URL for this entry is: http://blog.case.edu/carl.mariani.KSLILLiad/mt-tb.cgi/28070

Comments

Post a comment





If you have entered an email address in the box, clicking this checkbox will subscribe your email address to this entry so that you are notified if any updates or additional comments occur on the entry.