Friday 13th preview

[ghostjmf]

TPTB around here e-mailed me "leave your ID # & password on my desk Thursday night; don't e-mail it, leave it on a piece of paper".

A. I don't wanna do it because then I'll have to change the password, but can't 'til after my short vacation, which could be "too late".

B. What needs to be done can be easily done by my leaving the computer on in a non-protected mode when I leave Thursday; all the doers need is access to a program they've already installed on my desktop, & which is turned on by a password that they have already set, not the one that gets them into many of my other files. I proposed that instead, but so far have no answer to it.

C. I bit my tongue & did not write back that "pieces of paper are not all that safer than e-mail, particularly".

D. Everybody's ID#, supposedly to be kept secret, is viewable by everybody with access to a different new program of theirs; I've pointed that out, only to be told that "we don't consider this a security risk". (The ID# & password combo is considered a security risk, though.)

[Bob Juch]

Most companies have a policy that passwords are never to be given to anyone for any reason.

[ghostjmf]

BobJuch says:

Most companies have a policy that passwords are never to be given to anyone for any reason.

I know.

I know the reasons for "not to anyone for any reason" too.

TPTB in this case is the law incarnate, jobwise.

I like having a job, in this bad job-hunting time.
So I will do it if I have to, which reads "since I can sense them getting angrier".

In this case, although my plane is at 10:15am, & I wasn't planning on coming in at 8:00am & logging in in their presence (if the easy "leave the computer on overnight" solution doesn't wash with them), I could do it & still make the airport on time.

If they want to log off & on again (something I surely would do if I were here) to see if "the changes hold after you log off & on again", they're going to have to have my info, though.

What makes the whole thing ickier is that there are actually 3 sets of names/IDs & passwords, one set specific to logging on, one set specific to this new program it has taken way too long for TPTB to get installed, & 1 set specific to setting up stuff in back of this new program, where it connects to another department's computer architecture (we'll be sharing a system that uses their servers, something previous IT depts nixed in the bud for just the reasons that have come up this time around), about which I was told "once the program is a desktop icon (which it currently is) I would never even need again".

If I leave all 3 sets I of course have to be clear about which is which. But the person I would be leaving the "which is which" sheet with doesn't like to have to read "which is which" stuff.


If everything actually is working except the "finishing touches" by the vendor's people who support, a term I use loosely, their product, leaving the computer on with the icon available is in fact the best solution.

It has been known several weeks in advance by TPTB that I would be out 3/13/09. It has taken many weeks to get this setup to this stage, but for some reason it all has to happen the day I'm out. I was supposed to be trained by the people who will be coming for the last time 3/13/09. Missing the training is the thing I'm least insecure about. It is, supposedly, documented. And its a computer program, which means I keep messing with it until the info I want eventually falls out, anyway. Would be nice to receive the "right way" training, though.

[Bob78164]

TPTB around here e-mailed me "leave your ID # & password on my desk Thursday night; don't e-mail it, leave it on a piece of paper".

A. I don't wanna do it because then I'll have to change the password, but can't 'til after my short vacation, which could be "too late".

Change it now. Then after you get back, change it back to what it currently is. --Bob

[Bob Juch]

TPTB around here e-mailed me "leave your ID # & password on my desk Thursday night; don't e-mail it, leave it on a piece of paper".

A. I don't wanna do it because then I'll have to change the password, but can't 'til after my short vacation, which could be "too late".

Change it now. Then after you get back, change it back to what it currently is. --Bob

She shouldn't be able to reuse a previously-used password.

[Beebs52]

Ghost, I'm confused. Do you have files that someone may need to access while you're gone? That aren't "secure" or "classified" or whatever?

I have coworkers with whom I work in my department that I leave my password with when I'm gone. Of course, I don't work at Rich U, but at a quasi-governmental entity. None of which is CIA protected or something.

I'm not understanding what the concern is. How many people have access to your PC that could destroy your computer files?

As was said earlier, reset your password when you get back. Or tell them you'll access your email while you're gone to respond to inquiries...

[sunflower]

I am an internal auditor, and if I found out anyone left their password, or anyone asked anyone to do so, there would be trouble.

Can they not log in as administrators to do this? Our IT people just do that when they need to do something, they have admin access to my machine but cannot see my files when they do that.

If you have an internal audit department, I'd call and ask their advice, that's a pretty big violation in my eyes.

[ghostjmf]

I am indeed doing the "set up a temp password". On the 2 accounts they will theoretically need to get into.

TPTB told me "when they set me up, they needed to log off & on again several times". They told me this without being prompted (though of course its a logicial thing to say if you've been through one of these setups). At any rate, they stand firm on "needing my login info".

I'm going to leave the desktop on when I leave Thursday, & we're going to do the "sealed envelope" bit, at their suggestion; they'll only open the envelope if they do need it, they say.

I'm still setting up temp passwords.

I ran the "can I get my old password back" by one of the IT people, here on another purpose,
while TPTB was there. I will get hell for it, because of course IT person said what we-all are saying. But its important I have witnesses to this not being my idea. And they will waive protocol & get me my old password back afterward.

[ghostjmf]

sunflower says:

Can they not log in as administrators to do this? Our IT people just do that when they need to do something, they have admin access to my machine but cannot see my files when they do that.

Both our IT people & the vendor's IT people have been involved. Its the vendor's IT people who will be doing their stuff Friday 13th. Even when there were stages (in getting the different depts' servers to co-exist & communicate) where our IT people were heavily involved, they had me log in & out, rather than invoking IT superuser privileges to do it. I think the reason has to do with how hairy the connection is in the 1st place; in many instances they thought they had it working, but it worked only for them, logged in as themselves, not for us.

This is all stuff the web was created to get around, but this very large vendor doesn't have this application (shipping & receiving software) up as a web application because, basically they have the corner on the market & don't need to. Their web app is still in its pilot stage, whereas the server-involved app (supposedly) works.

[ghostjmf]

Beebs52 says:

Ghost, I'm confused. Do you have files that someone may need to access while you're gone? That aren't "secure" or "classified" or whatever?

A vendor is setting up an application on my desktop. So what they need is access to my desktop, & they need to be able to log on & off & on again multiple times for unclear (except that few things they do "take" until they've reworked them, & they've been reworking this for months now) purposes.

TPTB here, or the vendor, is going to be logging in & out of my desktop. Its not that I work on classified material, although its all financial stuff, so its "not for public consumption" in that regard; no secret government files are on my desktop, "just" accounting data. And the accounting data someone would need a diff password to get into anyway.

Its just a bad security move to let passwords to your system out. Especially with outside vendors involved. People could theoretically load up your computer with ways for them to hack back in, even after I've changed the password back.

In earlier, happier days, a couple pairs of people here did indeed share system access, in case one of us was hit by a truck or something, & the data needed to be got at. Not so any more.

[gsabc]

Beebs52 says:

Ghost, I'm confused. Do you have files that someone may need to access while you're gone? That aren't "secure" or "classified" or whatever?

A vendor is setting up an application on my desktop. So what they need is access to my desktop, & they need to be able to log on & off & on again multiple times for unclear (except that few things they do "take" until they've reworked them, & they've been reworking this for months now) purposes.

This is probably similar to what all too many MS updates do; after they download and install, they require a restart to finish their installation. I'd bet your new vendor software also requires a restart at installation and with every tweaking, so TPTB has to log in again every time that happens.

[kayrharris]

We can't give our password to anyone and if it needs resetting, the number we call into has a "voice print"
of our voice and won't change it if the voice on the other end doesn't match. Guess if you have a cold and
your password needs resetting, your sol. I dunno, cause I've never used the voice print service.

[SportsFan68]

We can't give our password to anyone and if it needs resetting, the number we call into has a "voice print"
of our voice and won't change it if the voice on the other end doesn't match. Guess if you have a cold and
your password needs resetting, your sol. I dunno, cause I've never used the voice print service.

We can't give out our passwords either, even to IT Boss. Passwords are reset by our own IT department in about two seconds if we have to, so there would never be an access problem for a boss or anybody else who needed it.

[Estonut]

You probably even signed an HR document at some point, promising not to divulge your password to anyone. In most companies, it is an offense for which you can be fired.