guiding principles for authors organizing papers
41 views
Skip to first unread message
Matthew Kirschenbaum
May 28, 2017, 1:53:43 PM5/28/17
to digital-curation
Hello List,
An author friend writes with the following question:"Are there guiding principles that we authors can use to help organize and preserve our day-to-day records?"
He's not thinking only about electronic records, though that's part of it. Are there resources or guides for a potential donor looking to put their personal papers in order?
My own recommendations would be:
- Label absolutely everything.
- Indicate your priorities.
- For electronic media, print directory listings w/ date and time stamps; also include a README.
- For email and social media, make sure next of kin has passwords.
Thanks, Matt
--
Matthew Kirschenbaum
Professor of English
Director, Graduate Certificate in Digital Studies
University of Maryland
mkirschenbaum.net
Professor of English
Director, Graduate Certificate in Digital Studies
University of Maryland
mkirschenbaum.net
Michael Kjörling
May 28, 2017, 2:29:12 PM5/28/17
to digital-...@googlegroups.com
On 28 May 2017 09:33 -0700, from mkirsc...@gmail.com (Matthew Kirschenbaum):
> - For email and social media, make sure next of kin has passwords.
IMO this is a bad idea. Encouraging sharing actual passwords with
anyone is a terrible practice, and one that should be avoided as far
as is at all possible. It also risks breaking down if one changes
passwords without updating the information held by others, for which
there can be any number of reasons.
Rather, most modern webmail and social media services seem to allow
setting up a separate e-mail address which is associated with the
account and which can be used in account recovery. For where that is a
possibility, it's probably better to set up such an account, make sure
that a password reset can be performed with access only to that
account, and _put the login details for this recovery account
somewhere which is accessible, but perhaps not immediately so, to next
of kin_. By using that account to change the password to the main
account, one's next of kin can gain access to the main account in a
way that does not risk someone other than the account holder logging
in _undetected_; also without relying on a person continually updating
someone else's password records, possibly insecurely (I'm looking at
you, e-mail). (It's pretty obvious when your password changes, since
then you can't log in normally.) There are several ways in which such
restricted access to a password can be arranged, both legal and
technological.
That recovery account should obviously be protected by a very strong
password, and it might not be a bad idea to select the username
completely at random as well (so it's better to register something
like vieof9p...@gmail.com than me.myself...@gmail.com), but
one should probably _not_ use two-factor authentication for it because
there's no telling which 2FA tokens might be available when the
account is needed. The password could easily be 50-60 characters
selected at random, since it will almost never need to actually be
typed in.
Once access to a person's e-mail account has been established, access
to most other services can typically be established by using the
"forgot password" functionality of those latter.
Yes, it's a little more involved once needed (takes a bit more than
just logging in to a person's main account), but it is also _far_
better password hygiene. We shouldn't be training or even asking
people to handle their passwords irresponsibly.
--
Michael Kjörling • https://michael.kjorling.se • mic...@kjorling.se
“People who think they know everything really annoy
those of us who know we don’t.” (Bjarne Stroustrup)
> - For email and social media, make sure next of kin has passwords.
IMO this is a bad idea. Encouraging sharing actual passwords with
anyone is a terrible practice, and one that should be avoided as far
as is at all possible. It also risks breaking down if one changes
passwords without updating the information held by others, for which
there can be any number of reasons.
Rather, most modern webmail and social media services seem to allow
setting up a separate e-mail address which is associated with the
account and which can be used in account recovery. For where that is a
possibility, it's probably better to set up such an account, make sure
that a password reset can be performed with access only to that
account, and _put the login details for this recovery account
somewhere which is accessible, but perhaps not immediately so, to next
of kin_. By using that account to change the password to the main
account, one's next of kin can gain access to the main account in a
way that does not risk someone other than the account holder logging
in _undetected_; also without relying on a person continually updating
someone else's password records, possibly insecurely (I'm looking at
you, e-mail). (It's pretty obvious when your password changes, since
then you can't log in normally.) There are several ways in which such
restricted access to a password can be arranged, both legal and
technological.
That recovery account should obviously be protected by a very strong
password, and it might not be a bad idea to select the username
completely at random as well (so it's better to register something
like vieof9p...@gmail.com than me.myself...@gmail.com), but
one should probably _not_ use two-factor authentication for it because
there's no telling which 2FA tokens might be available when the
account is needed. The password could easily be 50-60 characters
selected at random, since it will almost never need to actually be
typed in.
Once access to a person's e-mail account has been established, access
to most other services can typically be established by using the
"forgot password" functionality of those latter.
Yes, it's a little more involved once needed (takes a bit more than
just logging in to a person's main account), but it is also _far_
better password hygiene. We shouldn't be training or even asking
people to handle their passwords irresponsibly.
--
Michael Kjörling • https://michael.kjorling.se • mic...@kjorling.se
“People who think they know everything really annoy
those of us who know we don’t.” (Bjarne Stroustrup)
Jess Whyte
May 29, 2017, 10:07:36 PM5/29/17
to Digital Curation, mic...@kjorling.se
Re email and access - one could also borrow a bit from the model at the Denmark Royal Library where they tested creating separate, archival email accounts - basically, set up a distinct email address which the donor includes as a bcc: on messages that are deemed (by the donor) to be of archival interest (or, retroactively fwds messages to, though this could cause the loss of header information). Access could then be given to this archival account without the donor feeling as though they were exposing their entire, personal email history. There is a paper on it in last year's iPres.
Another method is labeling or binning messages of archival interest (again, deemed so by the donor) and then actively, regularly exporting and archiving these, e.g. using the gmail archive feature and selecting all messages labelled "book project"
LoC guides to personal archiving: http://www.digitalpreservation.gov/personalarchiving/
Northwestern's libguide for personal digital archiving (includes tips for social media and email under content types): http://libguides.northwestern.edu/digitalarchives
-Jess
Reply all
Reply to author
Forward
0 new messages