Monday, October 27, 2014

Keeping your “users” login/account information safe is a “must” on the to-do list of any library. SJSU speakers look at the challenges of keeping user data safe and their online activity private. Encryption provides basic security for website visitors, and most sites use HTTPS, an encrypted form of HTTP, to protect sensitive content such as passwords and e-commerce transactions. But it is not enough. Attack kits such as Firesheep and sslstrip have demonstrated just how easy it is to exploit gaps in encryption and compromise user privacy not just on social media sites, but on any web application, including library websites and OPACs. The Electronic Frontier Foundation and others urge us to use HTTPS all the time, on every page, for all content. Get the knowledge and tools you need to identify and plug the HTTPS gaps in library websites, OPACs, blogs, and other web applications so you can better safeguard the online privacy of your patrons and instill a strong sense of trust in the digital services your organization provides. Take away tips and best practices for HTTPS implementation and a list of free online tools you can use to test your website. Hoeppner explains how libraries can use Shibboleth to improve access to e-resources and protect an individual’s privacy. For most libraries, Shibboleth remains a mysterious, little-known alternative to EZ Proxy and IP recognition for authentication and access to e-resources. At first glance, the steep learning curve, unknown administrative requirements, and uncertain advantages can be daunting. Follow Hoeppner’s footsteps as she learned Shibboleth basics and jargon, took implementation steps for librarians and for IT, and reached out to users, and grab her lessons learned and options for expressing the value of the effort to administrators.