2

I've got a dilemma: should I give my password to my local IT help desk? (I am seeing them face to face, and I know that they work for the same company as myself.) They want to perform a routine migration for me from one device to another device.

Edit: Yes, this may well be considered a duplicate. I know that it is best practice not to give my password to anyone, but what should the advice be when it is a trusted person (for a routine operation)?

The migration is for my corporate profile from one device to another.

Thanks,

KingJohnno
  • 1
    Why is your local IT desk asking for your password? Grab one of the managers and ask them face-to-face if they are requesting a password. – Ohnana Mar 09 '15 at 14:40
  • 1
    @Ohnana Unfortunately, this is an all-too-common practice in corporate environments. I worked on a migrations team awhile back (moving from NT to XP) and this is exactly how we were told to handle user accounts. Usually, we would reset the password afterward and force a change at next login. But changing before the migration, and using a temporary password throughout, was a rare exception. This is also how I first learned, first-hand, how laughably pathetic and predictable most users' passwords are. – Iszi Mar 09 '15 at 15:51
  • 2
    If they're the sysadmins they should have a way to access whatever they need using their own passwords and/or keys. –  Mar 09 '15 at 15:52
  • @AndréDaniel That would be a sink-hole right under your feet! For multiple reasons. Also, you would want to only store a hash of the password instead of an encrypted version or plain text. – Ismael Miguel Mar 09 '15 at 16:04
  • 2
    @IsmaelMiguel where did I say the passwords should be stored in plaintext? What I said is that administrators should have their own accounts that have the required permissions to log in as you without using your password. –  Mar 09 '15 at 16:06
  • @AndréDaniel Indirectly. You said that "they should have a way to access whatever they need using their own passwords and/or keys." Where would those keys be stored? Would the key be the same for every device? – Ismael Miguel Mar 09 '15 at 16:14
  • 1
    @IsmaelMiguel admins have their own keys (stored securely on a smartcard for example) and the public key is added to the superuser account's authorized keys. For different security levels, different keys may be used. –  Mar 09 '15 at 16:22
  • @AndréDaniel How would you do that with, let's say, a cellphone? – Ismael Miguel Mar 09 '15 at 16:46
  • 1
    @IsmaelMiguel an [MDM](http://en.wikipedia.org/wiki/Mobile_device_management) solution can do that, but I don't see what there needs to be done on the phone itself, as everything like mail, calendars or contacts are stored on a server on which sysadmins can have access through the methods I described above. Of course, if it's just a setting to change, the sysadmin can tell the user which settings to set and the user can do it himself without disclosing the password. –  Mar 09 '15 at 16:49
  • @AndréDaniel You 'won' the argument. (The quotes are there because this isn't a fight, but symbolize that you are right). But still, I have some doubts about how it would work, but that's outside the scope of the question anyway. – Ismael Miguel Mar 09 '15 at 17:03
  • @IsmaelMiguel well there was no real argument, I'm just describing how it should be done in a perfect world. I agree that in reality security is often a disaster, and password sharing, passwords on a post it and sysadmin incompetence are common. –  Mar 09 '15 at 17:05
  • @AndréDaniel Maybe that's why it is actually pretty hard for me to understand the whole concept. Here, in the company I'm working, we don't have email passwords. The client has the password configured on the (email) client. When required, we reset all the passwords, since they need to be changed once in a while anyway. – Ismael Miguel Mar 09 '15 at 17:07
  • @IsmaelMiguel assuming you're using a Windows OS, what's happening is that your files and user profile are actually stored on a server, and the server's admin has read/write access to all those files without even needing to log in as you (of course he can do that if he wants without ever asking you for your password, as his administrator credentials are enough). –  Mar 09 '15 at 17:09
  • @AndréDaniel That, if it is a Windows computer. In case you have an Android, the only reason I see to need the password is to have direct access to the device *if* locked using a password. Otherwise, I can't see any reason to ask for the password – Ismael Miguel Mar 09 '15 at 17:23
  • @IsmaelMiguel if there is no MDM I would just ask what the sysadmin wants to do and do it myself in front of him. But a mobile password isn't that big of a deal as it can't be used to access the device remotely, so there's less risk than for example giving a mail account password where anyone can then access it from anywhere and impersonate the legitimate user. –  Mar 09 '15 at 17:27
  • @AndréDaniel I agree with you. Doing it yourself is a better way (with the assistance of the I.T. guy) and you solve the security risk and you learn something new. So, yeah, still on the point of not giving the password. – Ismael Miguel Mar 09 '15 at 17:39

3 Answers

11

I have 2 solutions for this.

1) No. Don't give them the password.
If they need your password to perform migration then they should just ask you to input your password. Note: If the process is lengthy and you need to input it multiple times, check option 2.

2) Don't give them "your" password, but give them the password for the device.
Change the password to something generic before handing the device to them.
This way if the process is lengthy the person performing the migration can use it whenever he needs. Also, "YOUR" password stays with you (that's why it's secret) and you can use it again when the new device comes. (I strongly recommend changing the password from time to time).
Tip: Make the password something funny so the guy working on your device smiles when he does it. It doesn't hurt trying to make someone smile.

sir_k
  • This is how the place I work (which does computer repair for the students at my school) handles passwords: we have the student reset it to some fixed thing before we take it in, if the computer is in a state where that's possible to do. – cpast Mar 09 '15 at 15:16
  • I disagree with the "make it something funny" part. Something funny is likely to be made of words that appear in dictionaries, and thus rather weak. (Well if your IT guy finds $1kl53!lme hilarious though, you're good) – ero Mar 09 '15 at 15:38
  • I agree that the funny password will be weak, but then again the IT guy will know it so even if it's super complex, it's still not going to be secret. Also, I'm sure that 0ldH0rseButt5 is hilarious. Joke aside, even if it's dictionary based it doesn't mean it's weak. http://xkcd.com/936/ – sir_k Mar 09 '15 at 15:42
  • I disagree with both of these options. Either way allows the migrations team to autonomously act under the user's identity in a way that is not documented by the system. See my answer for a more appropriate alternative. – Iszi Mar 09 '15 at 15:48
  • The fact that you shared a secret with someone doesn't mean it's no longer secret. Or if it does, fire the IT guy. Regarding the xkcd, a very important point is the words are chosen randomly (thus less likely to have a meaning, or be funny). – ero Mar 09 '15 at 15:48
  • @ero The password is weak no matter how you create it. It gets weak the moment you share it. – Taemyr Mar 09 '15 at 15:55
  • @Taemyr sure. But that's no reason to make it weaker :) – ero Mar 09 '15 at 19:48
6

No. Never. To no one. Under no circumstance.

ero
2

You should not give anyone your password, ever.

If the migrations team really needs direct access to your account, without you physically present to witness their actions, they should have the ability (or the authority to request) to reset it to a known value themselves. This way, their actions are documented in such a way that any activities performed during the time they know your account's password can readily be attributed to them.

Upon returning your system to you, the migrations team should provide you with the temporary password they assigned to your account. At that time, they should also have your account configured to force a password change at next login. This way they can be sure that they no longer know the password after you've logged in, and there is documentation in the system that the time window during which they know your password has been closed.

Iszi
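
The attribution argument in the answer above, as an added example that is not part of the original answer: it pairs each help-desk password reset with the owner's forced password change and reports the window in between, including windows that were never closed. Event IDs 4724, 4723 and 4624 are the standard Windows Security log IDs; the record layout, account names and timestamps are constructed for illustration.

```python
from datetime import datetime

# Windows Security log event IDs: 4724 = password reset by another account,
# 4723 = password change by the account owner, 4624 = successful logon.
RESET, CHANGE, LOGON = 4724, 4723, 4624

# Constructed sample records: (time, event ID, acting account, target account).
EVENTS = [
    ("2015-03-09T09:00", LOGON, "jdoe", "jdoe"),
    ("2015-03-09T10:00", RESET, "helpdesk-amy", "jdoe"),
    ("2015-03-09T10:05", LOGON, "jdoe", "jdoe"),
    ("2015-03-09T11:30", LOGON, "jdoe", "jdoe"),
    ("2015-03-09T14:00", CHANGE, "jdoe", "jdoe"),
    ("2015-03-09T14:10", LOGON, "jdoe", "jdoe"),
    ("2015-03-10T08:00", RESET, "helpdesk-bob", "asmith"),
    ("2015-03-10T08:20", LOGON, "asmith", "asmith"),
]

def exposure_windows(events, account):
    """Windows during which someone other than the owner knew the password:
    opened by an admin reset, closed by the owner's own password change."""
    windows, current = [], None
    for ts, event_id, actor, target in sorted(events):
        if target != account:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == RESET and actor != account:
            if current:                      # reset again before the owner changed it
                windows.append(current)
            current = {"operator": actor, "opened": when,
                       "closed": None, "logons": []}
        elif current and event_id == CHANGE and actor == account:
            current["closed"] = when         # forced change at next login
            windows.append(current)
            current = None
        elif current and event_id == LOGON:
            current["logons"].append(when)   # attributable to the operator
    if current:
        windows.append(current)
    return windows

def still_open(events, account):
    """Operators whose temporary password has not yet been replaced."""
    return [w["operator"] for w in exposure_windows(events, account)
            if w["closed"] is None]

if __name__ == "__main__":
    for user in ("jdoe", "asmith"):
        for w in exposure_windows(EVENTS, user):
            print(user, w["operator"], w["opened"], w["closed"], len(w["logons"]))
```

When the user hands over their own password instead, no 4724 event exists, so the log gives no way to separate the operator's logons from the owner's.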