What’s the point of a password, if it’s published on the front cover of a magazine?
It seems a reasonable question, and I can’t blame GP Thinus van Rensburg asking it on Twitter when a copy of Diabetes Management felt into his lap.
The password grants users access to the “complete, searchable archive of all Health Publishing Australia medical journals.”
Okay, it’s probably not the most sensitive information in the world as it’s an archive of medical magazine articles. But you do have to wonder why they bothered to have a password at all if they’re going to make it so public?
And just to prove the point about the err… pointlessness of the archive having a password, just visit the website and try to visit the archive.
Do you see what I see?
Let’s zoom in it a bit more…
Still can’t quite read it? I’ll zoom in for the benefit of those of us in our forties…
Yup. The magazine’s online archive has (alongside its password form) a sample cover of Diabetes Management – complete with its ever-so-helpful reminder of what the right username and password is.
Even better, you can reset the password for the hpa account so nobody can access the website!
No you cannot – only if you manage to intercept the password reset email that goes to the email account associated to the user 'hpa'.
It's especially better for ankle-biters who think they're cleverer than others when in fact they're showing the exact opposite (as well as many other things)…
The key question would be, how much access does that ID give to the person using it? If it is just read access, then it is an old practice since the 70s of giving "free" access or a free copy of/to [name product] so that you get to pay for the full access under your personal ID, or in the 70s case, phone this number, say the password/code for a freebie. Seems more like a internet age version of the freebie on the cover ( anyone remember the old copies of 45's on a thin piece of plastic, shaped square but stamped circular, plays on a 45/33 and a third player).
This has been used as a method to stop certain search engines being able to list the library content in their search results. Old method, but works.
A username/password combination also makes it significantly more challenging to scrape the website for data…granted, they could ratchet this up a few notches by simply adding a ReCaptcha.
I have noticed that since your article was published, they appear to have taken the archive offline. Albeit by simply deleting the DNS record for the server.
All still online :) I've just had a read through.
I get the point but limiting access to medical research/literature is only harmful so on the whole I don't see this as a problem.