Password Tips

Password security is becoming increasingly important as individuals move more and more of their personal data into online services. In her Microsoft Small Business center article 5 tips for top-notch password security, Kim Komando offers some password best practices:

  1. Don’t be complacent: Attacks can and do happen.
  2. Know what makes for a bad password.
  3. Get proficient at creating good passwords.
  4. By all means, safeguard your password(s).
  5. Change your password(s) often-as in several times a year.

Of these, it seems many people struggle with number two, knowing what makes for a bad password. Ashlee Vance of the New York Times wrote in January 2010 about the popularity of simple passwords:

According to analysis by security firm Imperva, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data.

The weakest passwords are those that are short, use only letters and numbers, and are easily memorable or associated with a person’s identity. What goes into a strong password? Some tips include avoiding words found in the dictionary, replacing letters with numbers (think zero instead of the letter “o”), utilizing special characters like “!”, “$”, and “*”, and making passwords longer in order to provide protection from brute force attacks. How long is long enough? In another NYT article this past June, Randall Stross wrote:

Here’s a little quiz: Which is the stronger password? “PrXyc.N54” or “D0g!!!!!!!”?

The first one, with nine characters, is a beaut. Steve Gibson’s page says that it would take a hacker 2.43 months to go through every nine-character combination offline, at the rate of a hundred billion guesses a second. The second one, however, is 10 characters. That one extra character makes it much, much stronger: it would take 19.24 years at the hundred-billion-guesses-a-second rate. (Security researchers have established the feasibility of achieving these speeds with fairly inexpensive hardware.)

Another important consideration is how often passwords should be changed. Ms. Komando recommends changing passwords as often as every 30 days. Also, users should consider using different passwords for different services. Many times hackers are able to access a single user’s entire digital presence because they use the same username and password for all their services. Lastly, none of these measures matter if the password is known by another person!

Cloudy weather: where to store your stuff in the cloud?

My Twitter feed was abuzz (atweet?) not long ago with the new Terms of Service put forth by Dropbox, a service many of us use to store documents in the cloud (i.e., on a remote server where you can access them from any web-enabled device). Dropbox clarified their terms via a blog post, but when you are using a commercial service like this, it never hurts to look around every so often and see what your alternatives are this week – there are always new services and changes to existing ones!

So what are your options for storing your “stuff” so that you can get at it anywhere? I’m still using Dropbox, but Lifehacker has a nice review of similar services, some of which I was not familiar with: Windows Live Mesh, SpiderOak, SugarSync, and Wuala.

Two other services that I’ve been using for a while are good old Google Documents (particularly useful for collaborative work) and Amazon’s cloud drive (which will accept all sorts of files but is optimized for storing music, with its own web-based player; it works seamlessly if you purchase digital music from Amazon, though I’ve found that it is painfully slow to upload music you already own).  I have an invite for Google Music, which is still in beta, but haven’t gotten around to setting up my account yet.

All of these services are currently free at the basic level, though most of them have paid versions that offer more storage space and sometimes additional features.

Do you store files in the cloud – whether as a backup or so you can access them on-the-go? If so, what service(s) do you use, and how do you like them? Let us know in the comments!

UPDATE, 8/12/2011: Gizmodo has published a very nice review of their favorite cloud storage services. There’s lots of great information here. Read it at

Students and Tablets

The Pearson Foundation recently came out with a report that highlights the changing landscape of tablet usage among students, in both high school and college settings. The study was done to “gauge college students’ and college-bound high school seniors’ opinions about digital device ownership and purchase intent; perceptions towards tablets; tablet usage and features of interest; and preferences between digital or print formats when reading, studying and doing other school-related activities.”  The outcomes are particularly interesting for a number of reasons-while ownership of devices is still low (only 7% of the almost 1100 college students  and 4% of the 200 high school students surveyed owned tablet devices), the interest in tablets is booming. Nine out of ten of those who own tablets said the device helped them study more effectively and efficiently, and three quarters of those surveyed said they thought tablets helped students perform better in class. One of the biggest shifts, researchers note, is the way that this interest in and acceptance of mobile technology affects the use of digital textbooks. Check out the entire report!


404 Pages

404 pages are the worst. As a user, you don’t know why you can’t find what you need; as a designer, you hate that users can’t find what they need. On the IU Libraries website, there is a chat box on all 404 pages, providing the user the opportunity to immediately connect with a librarian, who can then point them in the right direction and provide further research help. However, not all 404 pages are the same-check out a collection of some of the best 404 pages (some of which include cats and Storm Troopers!).

Get your IUB Libraries news on the go…

I think being mobile-optimized is one of the niftier features of our new blog service. Using a plugin (WPMS Mobile Edition), we are able to simply flip a switch and … pow! automagically enable mobile-friendly blogs.

Curious what this looks like? Here are a couple screenshots of the reDUX blog taken on my iPhone.

mobile friendly blog (screenshot)mobile friendly blog post

Shiny! If you are running your own WordPress site (just a single site, rather than a multi-site installation like ours), you might want to try something like WordPress Mobile Pack.

Blah-gs No More: Newer, Faster, Better, Shinier

Join Anne Haines & Courtney Greene of DUX for an overview of the new IUB Libraries Blog service (, launched earlier this month. In this session, they will discuss the new features and functionality of the blog service, give a peek into the day-to-day of maintaining a blog by demonstrating the staff interface, and present an overview of how to get started blogging for a department, unit, or Libraries group for interested parties.

When: Thursday, June 30th, 1-2p

Where: Wells 043

Some highlights of the new blog service:

  • a combined RSS feed, allowing people to easily subscribe to all content from all IUB Libraries blog service blogs
  • a set of themes that are customized for the IUB Libraries (fully branded & in conformance with IU identity standards)
    • plus, all blogs are now mobile-ready!
  • blog content will now be returned as part of the library site search, making it easier to find
  • statistics tracking using Google Analytics
  • a more robust server and an updated WordPress platform
  • support with setup and blog maintenance from DUX

A policy statement for the IUB Libraries Blogs can be found on the intranet.

Thanks to everyone who helped launch this project, and special thanks to Keith Welch and Brian Wheeler for their technical support.

Happy blogging, & we hope to see you at the DRET workshop!

Mobile Redesign Project Needs Assessment

DUX recently completed a needs assessment as part of our mobile web site redesign project. We surveyed 52 students at several IUB Libraries and asked them to comment on how they use the IU libraries, how they conduct research, and which mobile devices and applications they use. Participants also provided feedback on the current  IU Libraries Mobile Site. A summary of our findings is listed below.

Key Findings

  • 60% of respondents own a smartphone.
  • Undergraduate students appear more likely than Graduate students to own a smartphone.

Respondents' ownership of smartphones

  • Smartphone operating system usage is divided: 57% use Apple iOS, 37% use Android, and 6% use Blackberry OS.
  • 96% of respondents do not own a tablet computer, 76% have no intention of purchasing one, and those that will purchase will do so at least 6 months in the future.
  • 75% of respondents indicated that they visit an IUB Library daily.

Respondents' visits to IUB libraries

  • Library Web Site usage is more divided: Daily 39%, Weekly 24%, Occasionally (every couple of weeks) 24%, Seldom (once or twice a semester) 13%.
  • Respondents reported their most heavily utilized services on the Library Web Site are IUCat and Research Databases.
  • The most requested additions to the IU Libraries Mobile Site are access to IUCat and Research Databases.
  • Facebook, Google, and e-mail were cited as the most frequently used web sites, followed by OnCourse and OneStart.

Respondents' most used websites

Brave new catalogs

Last week our department attended a NISO webinar titled, The Future of Integrated Library Systems (pt 2): User Interaction.

In it, three next-generation library systems were discussed. As we are looking at Blacklight & VuFind for our next generation catalog discovery layer here at IU, I’ll focus not so much on each system’s technology, but more on the other information covered:

  • Jennifer Bowen from the University of Rochester presented on the eXtensible catalog. Many of the design & functionality decisions were driven by the ongoing ethnographic research being conducted on that campus (see Studying Students: The Undergraduate Research Project at the University of Rochester [PDF]).

    They approached the project with the perspective of thinking of the catalog in terms of “what do our users need to do.” They also have a new book, Scholarly practice, participatory design and the extensible catalog, just released by ACRL. Two examples of what they learned:

    • Users want to be able to choose between versions/formats
      Their users definitely had preferences when searching (limit to online only – avoid microforms – etc), and preferred when the catalog results showed search terms in context. They started with MARC and did a lot of transformation of the data, working with FRBR (works, expressions, manifestations, etc)
    • Researchers value scholarly networks
      One way they accomodate this in their community is by defining local metadata: for example, noting the advisor on the record for a thesis.

  • SOPAC 2, a catalog primarily aimed at public libraries, was presented by John Blyberg of the Darien Public Library. Many of the items from this part of the webinar would be of more interest to public librarians and were perhaps not quite as transferrable to our situation, but I did think their robust and creative use of tagging was quite intriguing. They used tags to create “virtual displays” or easy ways to collect items around a concept (“Staff favorites”) or even a theme (“Movies Better than the Book”). As you can see from the previous example, they were also quite open to subjective metadata, and found that it added a lot of value for users.
  • and WorldCat Local, presented by Anya N. Arnold of the Orbis Cascade Alliance (Pacific Northwest) and Allie Flanary of Portland (OR) Community College. As we are generally more familiar with this system, there were fewer lightning bolts for me in this portion, but it was easy to appreciate their emphasis on user testing and on collaborating amongst the user community to identify and implement improvements for a better user experience. One quote in particular caught my ear (I’m paraphrasing): “Saying ‘Because Google & Amazon can do it’ is a reasonable expectation for our users.”

You can see info about the webinar here:

If you’re interested in viewing the recording, drop us a note in the comments or contact me directly!

Context and the mobile web

You can’t miss the chatter about mobile these days, and the realization that we may need to provide content in different ways to serve users in a mobile context. As DUX begins to take a renewed good look at our strategy (and armed with our spiffy new mission statement), we are re-evaluating what it means to provide services “where the users are” – for example, it no longer makes sense to build one website for desktop workstations, a completely different one for mobile devices, and yet another separately maintained application to provide services within Oncourse. Instead, we need to have a mobile strategy to repurpose our content and create – as Lorcan Dempsey says in this blog postdistributed experiences for multiple connection points. And it makes more sense now to think about the contexts within which our users are working, rather than to focus on the specific device or technology they may be using.

Dempsey’s post linked above is worth a read, as he nicely summarizes a lot of the issues around the current state of mobile information environments. In particular, do take a few minutes to view the slideshare presentation on “Beyond the Mobile Web” that’s embedded within the post; it nicely describes how the context (important keyword there) in which we use the Web has changed because of new mobile technologies.

Has the context of information seeking changed for our users, and is that due at least in part to the proliferation of the mobile web? If you have one or more mobile devices, have you changed your information-seeking habits? (I know I have! Even at home, I often grab my smartphone first – if I’m just checking email, looking up a dictionary definition, tweeting, or even reading a newspaper article, the phone is faster, more convenient, and let’s face it, more fun than firing up my aging, creaky old laptop.) What do you think?

Just what is this “discovery” business, anyway?

(Reposted from the April DUX Newsletter.)

You’ve been hearing a lot about the EBSCO Discovery Service, which we’ve just recently implemented here ( You may even have tried it out yourself for some searches, or given it a whirl at the reference desk. But you may still be struggling to explain (to faculty, students, or just to yourself) exactly what it is, how it’s different from federated search, what it’s good for, and why we have it anyway.

Look no further – Library Journal has published a very good overview that covers the problems we’re trying to solve, the history of how we’ve tried to solve them, evaluation criteria used in selecting discovery tools, how people are using them, and implications for the future. Check it out at and let us know what you think!