A little while ago in a post on ebooks I mentioned that users found Athens confusing. I then had an interesting email exchange with Phil Leahy over at EduServ (who I note from linkedin owns Beeses Riverside Bar Tea Gardens which looks fantastic – good luck with that!). I promised to summarise this and have been prompted to do so by a burst of authentication related chat on Lis-e-resources this morning (and ongoing).
The first thing to say is that we concluded that it would be fairer to say Authentication is confusing rather than my original Athens is confusing. For most people Athens = authentication – certainly in their work life. It is interesting to see how the debate is happening in the broader world around “Facebook wants to be your one true login” – ie the clash between those stumbling around the online world confused and the systems the more tech savvy take for granted.
Here are a range of reasons I offered why users are confused and some of the explanatory debate that followed.
- Having to remember a username and password. Anyone who administers Athens knows this one well. We all have many things to remember and all but the frequent Athens users tend to fall foul of this. But we still need to protect access – this is an issue with the user rather than the authentication.
- Issues with registration caused by the way NHS implements Athens (examples follow). Changes were made to enhance security and to bring it in line with more common web experience. It should reduce issues with inappropriate applications (I would rather have the old simpler route and disqualify the odd rogue registration as it comes through).
- I am at work but want to register on a non NHS email address – result – I cannot complete registration till I get home – confusion
- I am at home but want to register on any email address – result – either I cannot see my work email – or the reg goes into the manual system – confusion
- I am at work and want to register on my work address – result – the confirmation link still frequently takes an hour to arrive – I no longer have the time – confusion
- I previously registered but my login expired – I reregister – I am offered my old login again – I head blithely off and try and use this with my old pasword without completing the email link registration – confusion abounds
- I have started a registration but am stuck in not clicked confirmation link limbo – I call the librarian to free me – they can only either send a new code or do an entire fresh registration – confusion
- Athens login boxes on non purchased content. We obviously need Athens to be on all the resources we might want – but the users are disappointed when the access they were excited about fails to happen. This is a particular issue for Journals that we buy through an aggregator – the user guided by Google tends to head for the publisher site. Caused by success of Athens / nature of requirement for a visible login and a user education issue.
- Users with multiple Athens IDs due to the fact that they have multiple roles. The debate on list today kicked off with a variant to this – IP authentication that then removes the option to use an alternative login that may have different content. A general issue for authentication – Pilots have been run on how to manage this.
- Convoluted login paths. As the options for authentication grow more complex so the login experience gets more confusing – see BMJ Journals as an example with several screens and options before you get in – including different flavours of Athens. Do users know what kind of Athens login they have? Design of publisher sites is out of the control and remit of authentication suppliers.
- Users think Athens = content not door key. User education required.
In the end most of the issues relate to needing to find ways to make users understand how we offer them access to paid for resources. I have kept the debate coverage to what I believe to have been the core of the issue (there were chunky emails in both directions). Any words here are my interpretation and not necessarily quite how Phil would put it. Accordingly I am to blame for any misunderstanding arising. I thank Phil for engaging positively with the debate. Authentication is a daily frustration for librarians and their users and a debate with a long way still to run.
(the) health informaticist 
Good post – glad to see someone is worrying about this. Facebook/Twitter/OpenID/Webfinger won’t solve the problems you’ve identified, and as you say it’s not really an ‘Athens’ problem. A solution I think is to have an intermediary – a resolver – which negotiates the spaghetti between user/reference and the text. There must be a way to do this. SFX is just not good enough because it doesn’t take enough complexity away.
Having said that, the real simplifier is open access – no passwords, no fuss – and that should be the goal for librarians concerned with complexity. Congratulations on raising this subject though – it’s really important and often overlooked.
Hi Alan
As you say, it was very interesting exchange. FWIW I’ve now got involved in the support call you referred to in our exchange (“the confirmation link still frequently takes an hour to arrive”); I can see that it’s turned into something of a ‘techie standoff’, which can occasionally happen, so I’ve kickstarted things again from this side.
So you and your colleagues may need to co-ordinate with your ICT Systems Administrator again, but I am confident that we will be able to get to the bottom of it.
I see I have a slew of emails about my support call. Here is hoping for a resolution – cheers for input!
[…] years ago I blogged some thoughts on authentication and how confusing it is. I thought it might be interesting to revisit this in the light of the recent report sponsored by […]