Tag Archives: best practices

Recognition for Review: Who’s Doing What?

To help celebrate Peer Review Week 2016, we asked the 20+ organizations on the steering group to tell us how they #recognize review and what more they hope to do in future. Their responses show a clear understanding of the importance of peer review and a firm commitment to supporting more recognition for review in future.

Peter Berkery, Association of American University Presses (AAUP)

Peer review is woven deep into the fabric of AAUP. Our membership guidelines instruct that regular members must meet the editorial criteria of having both a board that certifies the quality of its scholarly publications, and a peer review process that meets a common standard.

The Association’s Admissions & Standards Committee holds applicants to a rigorous standard, reviewing editorial processes undertaken in recent publications for consistency with these standards. Membership in AAUP recognizes the importance of peer review to the scholarly record, and recognizes those nonprofit scholarly publishers who commit to this work—and the editors and reviewers who uphold our standards.

We recently articulated the common standard of peer review quality in monographic publication in Best Practices for Peer Review, which is available under a CC-BY-NC-SA license. It is the (peer-reviewed!) product of a two-year consensus-building effort by the AAUP Acquisitions Editorial Committee.

We expect that the practice of peer review may change in the future—as disciplinary norms shift, and new experiments in the format and delivery of both scholarship and scholarly peer evaluations find successful models. The reason for peer review—to help develop and validate high quality scholarship—will remain, as will its central role in AAUP and in AAUP membership.

AAUP12 Twitter feed (partial) archive

By Dennis Lloyd

One of the great things about the AAUP meeting in the last few years has been the simultaneous conversations that have taken place on Twitter before, during, and after the meeting. The use of the #aaup12 hashtag made it easy to keep up with discussions, and even follow presentations that were taking place simultaneously to the one you were attending. (Or, in the case of AAUP staff members who weren’t able to attend, even if you weren’t in Chicago at all.)

However, what if you want to revisit that information later? It’s incredibly difficult to do so. (Don’t believe me? Go to your Twitter account and try to search for the #aaup11 hashtag.) There are ways to archive, but they are also difficult to use after the fact. At least as far as I can determine.

I don’t know Martin Hawksey, but I was able to follow the instructions on one of his blog posts to create a partial archive of the #aaup12 tweets. I say partial, because the 1500-tweet limit only allowed me to back up to some point during the first round of sessions on Tuesday morning. Although someone with better blogging skills than I might be able to actually fold them into this post, instead, I’ll just offer a link to the spreadsheet of those posts I created on Google Docs.

Hope some of you find this helpful! And if anyone has a complete archive of tweets, or knows of a better way to save them, step up!

Security shouldn’t be so hard to remember – considering the pass-phrase

One of the things we’ve tried to do at the Digital Digest is to address best practices on topics that are in the news. With the upcoming launch of Windows 8 and its new approach to passwords we thought it would be a good time to talk about password and pass-phrase options as they relate to the overall security of information on any network.

As computer systems are more important to business and pleasure, more hackers are trying to exploit those systems. Unfortunately the weakest link in security is often the human one – people still use simple passwords that are easy to guess, or when forced to pick a “complex” password they resort to writing them down or storing them in non-encrypted files.

There are many reasons for this, but the biggest one is that it’s very hard to remember things like “Xy3<$8yHl7@1”. Is that a capital “I” or a lower case “l”? These cryptic collections of letters, numbers and symbols are increasingly difficult to remember and to keep straight, so in order for someone to access the systems, they defeat the entire purpose of a password and write them down.

It’s good practice to have a separate password for your email and your financial accounts, another for your network, yet another for your work email, your work network, and so on… One way to avoid having to commit to memory so many cryptic confusing passwords is to use a pass-phrase for each system instead. A “pass-phrase” is a series of letters and numbers that mean something: “l3tMeln” for “let me in,” for example. Another example might be “TheSunWillComeOutTomorrow!” or “I<3MyDog”. Each of these pass-phrases is more memorable because it means something to us. It’s not just a cryptic string of random characters.

Software security guru Robert Hensing said the following in 2004:

So why are these pass-phrases so great?

  1. They meet all password complexity requirements due to the use of upper / lowercase letters and punctuation (you don’t HAVE to use numbers to meet password complexity requirements)
  2. They are so freaking easy for me to remember it’s not even funny.  For me, I find it MUCH easier to remember a sentence from a favorite song or a funny quote than to remember ‘xYaQxrz!’ (which b.t.w. is long enough and complex enough to meet our internal complexity requirements, but is weak enough to not survive any kind of brute-force password grinding attack with say LC5, let alone a lookup table attack).  That password would not survive sustained attack with LC5 long enough to matter so in my mind it’s pointless to use a password like that.  You may as well just leave your password blank.
  3. I dare say that even with the most advanced hardware you are not going to guess, crack, brute-force or pre-compute these passwords in the 70 days or so that they were around (remember you only need the password to survive attack long enough for you to change the password).

As more of us become reliant on computers and the cloud it seems more important than ever to guard your passwords and maintain separate passwords between systems. What better way to do it than using quotes from your favorite songs, tributes to your kids, or a shout out to your favorite movie monster – “I<3Godzilla!”? I should have listened to Hensing sooner and I’d have locked myself out of various websites a lot less.

Now, a friend or a hacker armed with one of those ubiquitous email “surveys” could still compromise the phrases discussed above. For even more security you can try a system like Diceware. Diceware gives you the ability to create random strings of words that are even harder to crack than a general pass-phrase.

Diceware™ is a method for picking passphrases that uses dice to select words at random from a special list called the Diceware Word List. A five-digit number precedes each word in the list. All the digits are between one and six, allowing you to use the outcomes of five dice rolls to select one unique word from the list.

All you need is five dice and the Diceware word list to have an almost uncrackable password.
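The selection step described above, as an added example that is not part of the original post: five rolls form a key from 11111 to 66666, the key picks one of 6^5 = 7776 words, and each word contributes log2(7776) bits. The word list here is a constructed stand-in with placeholder tokens (not the real Diceware Word List), and `secrets` stands in for physical dice; the five-word default and the 94-character alphabet are assumptions.

```python
import math
import secrets
from itertools import product

DICE = 5    # rolls per word, as the method describes
SIDES = 6   # every digit of a key is between one and six

def build_constructed_list():
    """Constructed stand-in for the Diceware Word List: the same
    11111..66666 keys, but placeholder tokens instead of real words."""
    keys = ("".join(d) for d in product("123456", repeat=DICE))
    return {k: f"word{i:04d}" for i, k in enumerate(keys)}

def validate(wordlist):
    """Reject lists that would silently weaken the passphrase."""
    if len(wordlist) != SIDES ** DICE:
        raise ValueError("expected 7776 entries, one per dice outcome")
    if any(len(k) != DICE or set(k) - set("123456") for k in wordlist):
        raise ValueError("keys must be five digits, each 1-6")
    if len(set(wordlist.values())) != len(wordlist):
        raise ValueError("duplicate words reduce the real entropy")

def roll_key():
    """Five independent rolls drawn from the OS CSPRNG (dice stand-in)."""
    return "".join(str(secrets.randbelow(SIDES) + 1) for _ in range(DICE))

def passphrase(wordlist, n_words=5):
    """n_words=5 is an assumption; the post does not fix a word count."""
    validate(wordlist)
    return " ".join(wordlist[roll_key()] for _ in range(n_words))

def diceware_bits(n_words):
    """Entropy of n uniformly chosen words from a 7776-word list."""
    return n_words * math.log2(SIDES ** DICE)

def random_password_bits(length, alphabet_size=94):
    """Entropy of a uniformly random password; 94 printable ASCII
    characters is an assumed alphabet."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    words = build_constructed_list()
    print(passphrase(words))
    print(f"5 words: {diceware_bits(5):.1f} bits; "
          f"8 random chars: {random_password_bits(8):.1f} bits")
```

The entropy figures hold only when every word is chosen by the dice; swapping in a word you like better, or re-rolling until the phrase "looks good", removes the guarantee.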

xkcd had it right:

[Image: xkcd comic]

Ultimately we’re all responsible for the security of the data we touch, whether it’s ours or it belongs to others. We must find better ways to secure this data and to eliminate the temptation to write passwords down, or to use passwords that are too easy to crack.

Posted by Bonnie Russell, Wayne State University Press