Soft Skills: What’s your password?
I guess I need to revisit soft skills due to another situation I’ve come across recently. As many of my followers know, I work a few different jobs. The recent one I started when I moved down here to Texas, hired me through a contracting agency. This means getting full admin rights in order to do my job proficiently is a bit daunting, as I’m not actually an employee and would have access to PHI. No big deal, I get it. So I’m migrating user profiles from Windows 7 to new PC’s running Windows 10, unfortunately for me there’s added encryption. This means having the user login so I can migrate it or requesting full network admin rights(again.) Here’s the issue, I brought this to the attention to the lead tech, and he informs me I “just need to ask the user for their password in order to login under their account.”
Excuse me..wait.. what? I express my concern with this, and my job is now on the line. He begins telling me this is how its always been the 11 years he’s been here. Then starts suggesting that if I’m not able to do that, maybe we should speak with my supervisor about my future employment. I had nothing I could say to this, just. shocked.
So I decide to speak to my manager about the issue(excluding the job threat). I begin requesting full admin access, informing them that the lead suggested I ask for the password, and he said “yeah, that’s how we’ve always done it.” He continues on with, “Or even go into Active directory and change the password so we can then login.” I inform him, we still need that admin access to get into Active Directory as well.
Here’s the kicker, an email went out just a week or two prior to inform end-users not to stick their passwords on sticky notes at their desk. They were hiding them either under the keyboard, mousepad, or maybe not hidden at all but on the side of the monitor.
There’s two issues I see with this.
NEVER GIVE OUT YOUR PASSWORD.
NEVER. GIVE. OUT. YOUR. PASSWORD. This is what we were taught from the beginning of using computers. In a HIPAA and PHI risk environment you would think that this would be a concern. I don’t care if you are in a PHI environment or just a tollbooth attendant at DFW airport. If you have a password for something, don’t share it!
On the other side, no one should be asking meaning if someone is, let someone higher up know. I found out later I was correct in my actions by choosing not to and bringing attention to this flaw in our system. If you are the one being told to ask for this, think carefully about it. Why is there individual passwords, probably to restrict access to those that need it. Its called Integrity, broseph! Claim it! Use it! Stand up for what is right.
Here’s the TL;DR..
- Never give out your password. It’s your password for a reason, the person asking for it doesnt have it for a reason.
- If you need access under someones ID, ask for them to login and then perform whatever changes need to happen.
- If you get asked, report it immediately.
- Familiarize yourself with different phishing tactics. Be aware.
This is how its always been…
This phrase, where do I begin other than it making the speaker sound lazy and resistant to change. This example primarily, because I’m not going to go into psychology, is ridiculous. This process should not have been been in place to begin with. I’d love to meet the first person that either suggested that we do this, or first had the nerve to do it.
Now in general this phrase, I just cant face palm enough when I hear it. “This is how its always been.” “This is how we’ve always done it.” Unacceptable. You realize things can change, right? They can get better. Leslie Durr explains it better here.
I got nothing else on this. All of its just unacceptable.
Here’s the TL;DR..
- Don’t be the person resistant to change, question why we are doing things and why we do it that way.
- Don’t talk to people in the bathroom. Its very uncomfortable.
Let us know how we are doing via our contact form or call us at (810) 545-8344