I work internal IT for a retail company. We get a lot of password reset calls, and for security reasons, we have to talk to the user who is requesting the password for verification purposes. This is a policy that’s been in place for as long as I’ve been with the company and was in place before that. But for some reason, a lot of the stores think it’s no big deal to share passwords, and we get the occasional manager who tries to sneak around rules and process just so they “don’t have to wait”.

Something we’ve recently started doing is for new employees, on their first day, their temporary password is automatically generated and sent to the manager on file. I get this call from a manager one day.

Manager: “Hi. I have a new employee and I didn’t get his temporary password.”

Me: “Hmm. Can I get [employee identifier] so I can check his account?”

Manager: “It’s [identifier]. He is a rehire, though, and we had to change his start date a couple of times. I don’t know if that would affect it?”

Me: “It can, unfortunately. Sometimes, with multiple start dates, the system just can’t keep up and it doesn’t generate. I can reset his password, but I do need to talk to him. Is he available?”

Manager: “Oh, he’s not here right now. Can’t you just reset it for me? I’ll verify in his place.”

Me: “For security reasons, I can’t provide a password for another employee without talking to them first.”

Manager: “I get where you’re coming from, but I just can’t have him holding for an hour. Last time we tried to call, we were on hold for two hours and no one picked up.”

Me: “Yeah, unfortunately, we’ve had a lot of new hires and there have been some delays. But we do have people on the phones twenty-four-seven, and he can call us from home, as well. Our external number is [phone number].” *Checks the call board* “And I currently show that we don’t have any holds, so if he calls now, we can get him taken care of.”

Manager: “I really get where you’re coming from, but I just really need you to do this for me. I called the other day and the tech was able to do it, so can’t you do it for me?”

Me: “For security reasons, I can’t provide a password for another employee without talking to them first.”

Without telling the user, I also check her call records, and while I do see another call from her that mentions another user, there’s no way to tell with 100% certainty if the tech actually talked to the employee or not. I still send my manager a message, because it’s a new technology, and if they’re not following the process, that could mean trouble for us. I still don’t tell my current caller about any of this. The only time we use someone else for verification is a very specific set of circumstances, but the requesting user still has to be present and the tech does have to talk to them.

Manager: “I get where you’re coming from, but please do this for me? I really can’t have him waiting off the floor. I’ll verify in his place.”

Me: “For security reasons, I can’t provide a password for another employee without talking to them first. He can call us any time at [number] so we can verify him and get him a password.”

Manager: “Ugh. Let me try to call him. If I get him on the phone and conference him in, can you reset him?”

Me: “If I can talk to him.”

Manager: “Hang on.”

I hear her dialing and it goes to voicemail, twice.

Manager: “Well, I guess he’s busy.” *Heavy sigh* “Fine, I’ll— Oh, wait! He’s calling me back, hang on!”

She answers and tells him to talk to me about getting his password.

User: “Hi. I need to sign into [System].”

Me: “Can I get [identifier]?”

I’m able to verify him and I reset his password.

Me: “Okay, do you have a pen or a pencil to write some information down?”

User: “Uh, yeah. Go.”

Me: “Okay, so you’re going to want to go to [Site]—” *spells the site out phonetically* “—and then you’ll use [work email] as your username, and your temporary password will be [password].” *Spells out the password phonetically* “Can you give that a shot?”

User: “Okay, hang on.”

It’s quiet for a minute or so and then he comes back.

User: “It’s not letting me in.”

Me: “What’s the error?”

Manager: *Interrupting* “Hey, [User], are you still in the parking lot?”

User: “Yeah.”

Manager: “Just come into my office. We’ll get it taken care of.”

User: “Okay.”

Things get muffled as I’m sure he starts walking.

Manager: *To me* “He’s not the most tech-savvy, so I’ll take a look at what he’s doing. But can you hang on, just in case?”

My eye is beginning to twitch and I want to bang my head on the table.

Me: “I can wait for a few minutes.”

The user finally got into her office, and she was able to get him signed in and we ended the call. I just don’t get why some of these users don’t understand that it’s not that we’re doing this stuff to be malicious or because we enjoy people telling us we’re useless, but it’s security policies and trying to protect people on the off chance someone decides to do something nefarious. And, seriously, why in the h*** did she try to fight me so hard if he was in the d*** parking lot the entire freaking time?!

Many moons ago, before the Internet, I was involved in telephone support helping end-users who are just learning about computers.

It was the Windows 95 era, most people were emerging from the DOS era of PC interfaces, and using a mouse and a GUI was very strange to them. One call involved a confused lady who was having some problem or other.

Me: “Please right-click on the desktop and tell me what comes up.”

I listened and heard a lot of strange scraping noises, and eventually, she said:

Caller: “Okay, I’ve written ‘CLICK’ on my desktop and nothing’s happened; what do I do next?”

I own my own smartphone repair shop that opens at ten. I am running late one morning, and some old dude is pacing at the door at 10:03. He looks at me as I am sticking the key in the door and says something along the lines of:

Customer: “Well, it’s about time someone got here! Glad you decided to show up!”

Before opening the door completely and letting him in, I lock it back up.

Me: “Actually, I think I won’t come in today.”

And then I went surfing.

Related:
Getting Owned By The Owner, Part 16
Getting Owned By The Owner, Part 15
Getting Owned By The Owner, Part 14
Getting Owned By The Owner, Part 13
Getting Owned By The Owner, Part 12

I work in customer support. A customer called about an issue with his device. As I looked up his account, I noticed that he had two separate yearly subscriptions worth 100$ each which had been automatically renewed for the past eight years. I informed him of this.

Customer: “So, you guys have been taking my money without my consent for eight years?”

Me: “Actually, when you sign up for a subscription, the page states that you agree to automatic renewal. However, you can turn it off on your account page.”

Customer: “That’s not my job! You guys should have informed me!”

Me: “We send out an email fifteen days prior to renewal, and one on the renewal date. They do sometimes get caught in the spam filter. Did you not receive any emails?”

Customer: “It’s not my job to check my email! You guys should have informed me!”

Me: “We don’t have a system for automatically detecting that. Did you not see the charges on your bank statement?”

Customer: “It’s not my job to keep tabs on those things! You guys could have called or something! I want a refund!”

Me: “We have a sixty-day refund period, but as the last subscription renewal happened within the last four months, I can check if I can get a partial refund for that one.”

Customer: “So, you guys are just gonna steal my money? What kind of business are you running?! You just lost a customer!” *Click*

Me: “Thank you for calling [Tech Company]! My name is Katrina. Who do I have the pleasure of speaking with today?”

Customer: “How dare you say hello to me with that fake name, sixteen years after the hurricane, when I’m dealing with one right now?! You’re probably not even American. I demand to speak to your supervisor!”