An ILL Mystery... and a note about ILLiad Basic Authentication Password Requirements
We received a report from an ILLiad site who received multiple requests from different libraries to scan in color various chapters from the same very expensive book owned by only a few libraries throughout the world. They also got a borrowing request from an uncleared fake patron account for a chapter from the same book. They were concerned that the requests might not be legitimate and asked if we could look into it.
In our investigation of some of the borrowing requests, we found that a few individual patron accounts at the borrowing libraries had been used to create requests without the knowledge of the legitimate account owner. These credentials could have been stolen or maybe just guessed correctly if the passwords were weak or predictable. We thought it would be a good idea to bring this situation to your attention and make some recommendations.
If you are using basic ILLiad authentication, we recommend implementing password requirements to enforce stronger passwords. You can learn more about this here: https://prometheus.atlas-sys.com/display/illiad/ILLiad+Authentication+Password+Requirements The default validation rule for passwords now requires at least eight characters with at least one lowercase letter, one uppercase letter, and one number.
If you notice a number of unusual chapter or article requests with a specification of “please scan in color” you may want to follow-up with the borrowing patron to be sure they are real requests. The reported requests all contained that instruction in the photoarticle title field.
We are contacting the borrowing libraries that we know about to alert them to look into the patron making the color scan requests that raised the flag.
Newer ILLiad sites typically automatically have the stronger password requirements installed. If you need help implementing the password requirements for ILLiad Basic Authentication or figuring out if you have implemented the 8 character requirement, please contact your ILLiad support representative.