Right Working Romantic Related Learning Friendly Healthy Legal Inspirational Unfiltered

This Is Literally Rule Number One Of The Internet

, , , , | Working | July 30, 2021

I work in IT for a retail company. I’ve been recently helping support some of our backend retail systems, so I’ve been doing more tickets and queue work than being on the phones.

One thing that we stress through the company is to NEVER SHARE YOUR PASSWORD. Unfortunately, that doesn’t stop people from doing it, and when we find out about it, there’s paperwork and resetting and frustration because users don’t understand why security is reaching out to lecture them.

I get a ticket for an issue with a system; it’s actually a known break that is actively being worked on.

User: “I can’t sign into [System]. It keeps telling me my credentials are incorrect even though I know they’re correct. My username is [Username] and here’s my password: [password].”

I actually stare at the ticket for a minute, trying to see if I am reading what I think I am reading. Then, I burst out laughing in our team meeting. I have to explain what has me laughing, which gets everyone else going.

Coworker #1: “Oh, come on. You’ll need to create a second ticket without the password and then send a request to security to get the initial incident removed from the system. Then let the user know they’ll need to reset their password. If they say no or don’t respond, just go expire it.”

I send a message to the user through our chat system.

Me: “Hi! I wanted to reach out regarding your incident [incident]. You included your password in the incident, which is a security violation. You’ll need to reset your password immediately.”

User: “Hi, [My Name]. I included it because I wanted to know if there was a reason why I am having so much trouble getting into [System]. But noted!”

Me: “Please don’t share your password with anyone or in incidents; for security reasons this is not allowed. There is an issue with [System] currently that this is related to. A new incident was created for your initial report as the security team will need to delete the original one. You will still need to change your password.”

User: “Okay, thanks!”

The number of people who willingly want to share their passwords scares me, honestly. I’ve had a couple of times where I’ve been tempted to use their password to do something (non-malicious and reversible) just to prove the point of why we don’t share passwords.

1 Thumbs
310