about your passwords

[mellowtigger]

On Microsoft Windows, I know enough to be able to retrieve a lot of passwords from laptops where I already have a local account. It's not very hard, even. Don't think that your passwords in Windows are any more secure than that Post-It note that you keep under your keyboard.  (Hint:  Use Linux.)

For improved security anywhere, I recommend using KeePass as a password manager for generating individual passwords on each website you visit. It's not automatically integrated with your web browsers like some other products are, but that's a good thing.

"The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it."
- https://en.wikipedia.org/wiki/Robert_Morris_(cryptographer)

Over my many years as an Information Technology technician across several companies, many people have shared their passwords with me intentionally to allow for easy access to their profile for diagnostics and fixes. I've tried during the last year to break myself and everyone else of that bad habit. Some passwords that people use include curse words. That's okay. I'm not shocked. Really, I'm not. Passwords should be easy for the user to remember! I have never reported anyone for their private passwords that I learned.

But...

I'll gloss over the muddy details by saying generically that Anonymous has doxed the police officers who are now awaiting trial for the murder of George Floyd here in Minneapolis. I've seen the file that's been offered. I know nothing about its authenticity.  Home addresses, social security numbers, credit card numbers. It's all there. But it's the passwords that I want to call your attention to now.

"Passwords: {mn311lane, thomlaa, nigger123}"

Please... if you are using racist, authoritarian, asshole passwords anywhere, please change them now.  As an I.T. worker, I consider my end users sort of like a psychiatrist, doctor, or priest would consider their charges, with an appreciation and urgent need for sacrosanct honesty that allows me to help correct problems and create a better order to a very messy world.  I have no desire to snitch on anyone about anything that I learn as a tech who helps users solve their reported problems, and I never have reported any such issues up the chain of authority.

But asshole passwords would make me consider a notice to Human Resources.  So don't do that.

Not ever.

Comments

[excessor]

People will share the most intimate of details if you're a patient listener. When I was working as an executive, I told people upfront that I was bound to regard those details as private. But that doesn't mean I won't act on them. Often there is useful information about a situation: discomfort with another employee, bullying, problems at home, career aspirations, and so on. It's good background to understand basic information, but it doesn't excuse poor behavior.

I often would discuss things with people that they didn't want to hear. So, for example, if A complained that B had gotten a higher raise but A had been an employee longer, that cued the conversation about we don't run a seniority system here, that we are oriented toward a meritocracy. (I particularly liked having that conversation, although it was never a popular point of view, since most people have a kindergartner's sense of morality.) But it got a lot of shit out of the way because in my orgs, there was no such thing as a surprise evaluation.

When something was private but clearly against our Code of Conduct or other rules of engagement, I got HR involved.

[mellowtigger]

When I worked for the state of Texas over 20 years ago, I heard the story of someone (not in my agency) who was serving porn from his work computer in the office. There's "stuff that we need to change for the better" and there's "stuff that can arguably be harming your coworkers". I've let it slide when people stream music even while it interferes with other high bandwidth activity in an office, although I do mention to them how their activity is interfering. Serving porn to others, though, that's a whole different level of inappropriate, and I'm sure I would've passed that problem upwards.

[excessor]

I agree: some things aren't huge in the scheme of things. But some things are, and serving porn from your work server is one. I've had a few others, such as the son who worked for the mother (a definitely no-no) but due to different last names, no one in Payroll or HR caught it. When I brought it up to her, she laughed it off. I asked if it was ok then for him to have a link to his private business in the corporate directory and for him to be running a side business on corporate servers using corporate software? She shooed me out of her office. I had an appointment with HR when someone else reported it, so they never got to me. I ended up working for her and she never mentioned it.

There was the lady of Palestinian descent in my org who passed out Pro-Palestinian literature. There was the lady who passed out anti-abortion literature. There was the man who accused my female office mate of having an affair with me. She and her husband and I had a good laugh at that, given the fact that you can see my Gayness from space.

It went on and on.

[mllesatine]

Are the first two passwords racist as well?

[mellowtigger]

I don't think so. They seem to be variations of the officer's own name.

[mllesatine]

Ok. I thought I missed something.

[barak]

I remember when I was working at the computer shop, and I had a guy bring in his old computer so his contents could be transferred to the new one I had sold him. Normally I didn't poke around in customer's files unless I had permission to figure out problems, but the names of some of the files I saw being copied over... had me really worried. Mentioned it to my boss and he said "you have to make sure." I had one finger on the phone ready to call my boss and the police in case if if had been child porn. Luckily it wasn't, but I wasn't happy to have to peruse someone else's gross stash.