I had to call IT support at today at work

[Mark R]

For various reasons I hadn't needed to use a particular confidential computer system for about 6 months and had forgotten my password.

So I phone IT support:
'Hello. IT support. Jim speaking'
'Hi. I've forgotten my password for the <Insert System Name Here> system'
'OK. What's your user name?'
'It's markr6'
'OK. I've reset your password to password'
'Err. OK. Thanks'

<Hangs up>
<Logs in>
<Thinks, Hmmm. How do you change the password?>
<Picks up phone again>

'Hi. It's IT. Bob speaking'
'Hi. How do you change your password for <Insert System Name Here>?'
'You can't do it yourself. You need to ask one of us to change it for you. Have you forgotten your password?'
<Bangs head on desk>

Glad to see everyone is au fait with good practice in computer security.

Note: Names have been changed to protect the guilty.

Cliffs:
1) IT dept change password to 'password' after I give them no info other than a userid.
2) You can't change the password for the system yourself.

 

[JS80]

lol our IT guy's name is Mark R

 

[Krazy4Real]

LMAO

 

[Pepsi90919]

-1/10

 

[Aikouka]

Oh man, if that happened where I worked, they'd be sooooo fired :Q.

 

[2Xtreme21]

Yeah, is your IT department full of 3rd graders? Sounds like it.

 

[neutralizer]

Who resets the password to password with no option of changing it?

 

[yowolabi]

I've run into this stuff many times before. I can't understand why they bother to password protect some things at all, if someone has decided that it's alright for the system to be so flawed.

 

[chrisms]

Why even have the password? Booo

 

[jtvang125]

I fail to see why IT is at fault here. Since you mentioned 2 different names I'm assuming you spoke to 2 different people. I don't see how the second guy would know what the first one did without you explaining the password was already reset. Your poor communication with support was the problem here and not IT.

 

[Steve]

Where I work there are at least 20 different things that require passwords, some use the same password as each other or some authenticate off your NT password, in any case we are not to give out passwords over the phone under any circumstances.

 

[Mark R]

Originally posted by: jtvang125
I fail to see why IT is at fault here. Since you mentioned 2 different names I'm assuming you spoke to 2 different people. I don't see how the second guy would know what the first one did without you explaining the password was already reset. Your poor communication with support was the problem here and not IT.

The problem was sorted in the end. You've missed the point.

My point was that the first guy reset the password to an absurdly insecure password, on a system where the users cannot change their passwords, without asking for any proof of identification. Bear in mind that this is (supposed to be) a confidential system, with strictly limited and audited access.

Obviously, I would hope, my password was changed to something a bit more sensible as soon as I had picked my jaw up from the floor.

 

[randay]

Originally posted by: Mark R

Originally posted by: jtvang125
I fail to see why IT is at fault here. Since you mentioned 2 different names I'm assuming you spoke to 2 different people. I don't see how the second guy would know what the first one did without you explaining the password was already reset. Your poor communication with support was the problem here and not IT.

The problem was sorted in the end. You've missed the point.

My point was that the first guy reset the password to an absurdly insecure password, on a system where the users cannot change their passwords, without asking for any proof of identification. Bear in mind that this is (supposed to be) a confidential system, with strictly limited and audited access.

Obviously, I would hope, my password was changed to something a bit more sensible as soon as I had picked my jaw up from the floor.

you do realise we have your login now?

 

[k1pp3r]

I'm kinda wondering what the app is now.

 

[bucwylde23]

guy would be fired same day where I work. passwords are a pretty big deal here.

 

[zerocool1]

Originally posted by: Aikouka
Oh man, if that happened where I worked, they'd be sooooo fired :Q.

ditto, i'd need my preset, my employee id etc

 

[Kwaipie]

We fire people that forget their passwords. Simple.

 

[bucwylde23]

Originally posted by: Kwaipie
We fire people that forget their passwords. Simple.

that's one way to weed 'em out!

 

[AreaCode707]

Originally posted by: Aikouka
Oh man, if that happened where I worked, they'd be sooooo fired :Q.

Man, I wish my company fired stupid people... We'd run at least 3x more efficiently, and on half the staff!

 

[skywhr]

Our IT department sucks its been 2 days my pc has been unable to attain an IP Address. Call went in on tues, they came by, muttered then disappeared. They are aware of the IP issue I spoke with them, so they came back today said that the port had probably been deactivated....... but they didnt have a key to the networking room and the guy with the key was on vacation.......so I will not have a working pc on my desk until maybe tomorrow

 

[lokiju]

The place I'm on contract at now doesn't have a password policy in place either.