Cohousing-L Mailing List: Re: How do you manage online accounts in your community?

[Sharon Villines (sharon]

> On Aug 7, 2024, at 10:08 AM, Ruby Reay <rurubux [at] hotmail.com> wrote:

> Curious how you manage online account access in your community for services 
> used for the community. In my community we have a wide range of technical 
> expertise (tl; dr - not much), so that makes things challenging, but not 
> impossible. Do you manage credentials at the team level? How many people have 
> access to these credentials for say, everyday work vs backup users. I am not 
> asking about banking and finance, but other accounts.

This issue has wider ramifications than it might seem. Access to information 
can create inequality. Information is power and restricting access increases 
its power. The plantation owners in the Old South banned African Americans from 
learning to read and they didn’t support poor whites reading either. Weaknesses 
in the educational system in some states still stem from this attitude — it 
wasn’t neglect, it was purposeful. The wealthy plantation owners simpley sent 
their sons to England to be educated. The Puritans who landed in New England 
set up schools almost immediately and required all children to go to school. 
The dominance for so many decades of the same WASPs in society and government 
stems from this emphasis. 

That may seem far removed from how to save passwords, but restricting this 
information can create the same kind of dominance and inequality. And even 
more, inconvenience. In a community where everyone is needed to maintain the 
facilities and the social life, they need to be educated. They need 
information. 

Not having information is also a convenient excuse for not taking 
responsibility. Ignorance is a great defense. The convenience of having so many 
hands to help is quickly blocked by the inability of those hands to access 
information easily.

Ask yourselves

1. How important is “security” in each instance where a password might be used?
2. How do we decide which community members cannot be trusted?
3. What are the disadvantages of having only 3 people with access?
4. What information would be damaging if it were obtained by someone who was 
not intended to have it? What could they do with it? And who even cares?

It’s very important when trying to create a community based on particular 
values to avoid transferring systems from communities that do not share those 
values. A cohousing community is not a military installation, a multi-billion 
dollar corporation, or a complex federal agency. Cohousing communities value 
inclusion, shared responsibilities, self-reliance, enabling, etc. 

There is a great gap between reasonable safety and maintaining a system 
designed to prevent the theft of 20 billion dollars or stop an armed militia 
from taking over the country. 

When new people move in we have calls for more security because they are 
shocked by our lack of concern. Whenever we give in and do something that is 
considered minimum security in institutions, we regret it. Inevitably someone 
forgets the password that gets you into the password that gets you into the … 
And a whole system of getting things done is broken. We once required three 
signatures of three specific people on checks, until we needed a check for the 
elevator inspector and all three of them were out of the country for weeks. I 
think we now have 2 of 5 people.

Because a new person (who was in the military) was afraid to write down 
passwords or send them via email, for example, we were unable to fix email 
accounts that had problems for a week because the two people with the password 
were out of town. We had to wait for F2F transmission.

There was period of time when we had 10-12 children between the ages of 6-10. 
The kids room was a constant mess because the children were old enough to use 
the room without parental supervision so we locked it. On a tour one of the 
visitors was horrified. “So who has the key?” He was confused when I said “Oh, 
everyone has a key." Locking the room only required a heads-up on the part of 
parents that they were letting their children into the room and were thus 
responsible for cleaning it up. As soon as the room returned to habitability, 
we unlocked it again. 

It makes sense to have a password on all our Wifis connected to our intranet, 
but we use the same password so if someone forgets it anyone else they contact 
will know what it is. We have two codes for the entry doors — one for residents 
and one for delivery people. We change these periodically but that causes much 
more upset than I suspect it prevents. “Periodically" has often been years, not 
every month like many corporations do.

We have a webpage with all the passwords and codes. And we have a ‘general 
password’ that is used whenever I set up new accounts. We have changed it once 
in 25 years. 

The Board once requested a special password-protected page on the website for 
Board correspondence. Not a seemingly unreasonable request. Surely the Board 
will have confidential correspondence. But then think again — Why? What would 
it be? We are all partners in this enterprise. Why is a Board member privy to 
information no one else in the community can have? To whose advantage is it 
that member accounts can’t be seen by other members? 

But when we were in legal negotiations with a contractor, only 4 people were 
part of those discussions with the lawyer. We all agreed on who those four 
people were. 

Why do we determine our actions based on the worst thing that might happen?

Why not ask “How will this ensure inclusiveness, equality, participation, 
transparency, self-reliance, ……"

The only way to change things is to measure them from the opposite side. 
Prevention can also be oppression.

End of rant. Not really a rant, but I know it can sound like one. I think we 
need to remind ourselves that systems have controls that produce intended 
consequences. Are those the consequences we want?

Sharon
----
Sharon Villines
Takoma Village Cohousing, Washington DC
http://www.takomavillage.org