Thanks to all who responded (so quickly) to my request the other day. >From the responses the options (which may overlap) for handling the growing numbers of usernames and passwords are: 1. Rationalise your passwords. Have only one for each service - not always possible, with, for example, FT Profile needing a different password for each concurrent user. Use the same password for more than one service 2. List all the passwords on a Web page, which is accessible only from your own domain/IP addresses. This assumes that unauthorised users who are physically in the institution (visitors) cannot see the page. Remote users may not be able to get access, but then they may not have access to all the services, either. Not all services will be Web based so such a solution may not always be appropriate. 3. Have a printed list with them all. Alternatively incorporate into subject-specific handouts. 4. Use a script file (maybe using Perl) to automate the logon process, but restricted to your users. Rashpal Liddar at South Bank ([log in to unmask]) offers a sample script. OCLC First Search has appropriate procedures - see Automatic Logon Scripting at http://www.uk.oclc.org/oclc/software/fsauto.htm and IP address recognition at http://www.uk.oclc.org/oclc/software/ecoip.htm 5. Use IP address checking where a service allows it. Again, remote users will be inconvenienced. 6. In the future the ATHENS authentication system might be extended to cover more services. But would suppliers have to conform to ATHENS standards and would US suppliers want to? Local login requirements (eg, need or not for a system ID) may complicate matters. Of course, we might ask what level of security is needed. I'm sure BIDS passwords get passed around, but does it matter if use is still by university members? Have there been instances of abuse of BIDS and other services? (Its not the same as needing system logins to be able to monitor who is using services so as to monitor or deter hackers - or 'naughty boys' as they are known here!) So - next week's discussion topic is 'Why do we need security on networked information services?'