Can a boss request from IT to change your password and log on your PC as you? [closed]

Interviews General Queries 2 years ago

0 2 0 0 0 tuteeHUB earn credit +10 pts

5 Star Rating 1 Rating

Posted on 16 Aug 2022, this text provides information on General Queries related to Interviews. Please note that while accuracy is prioritized, the data presented might not be entirely correct or up-to-date. This information is offered for general knowledge and informational purposes only, and should not be considered as a substitute for professional advice.

Take Quiz To Earn Credits!

Turn Your Knowledge into Earnings.

tuteehub_quiz

Answers (2)

Post Answer
profilepic.png
manpreet Tuteehub forum best answer Best Answer 2 years ago

My Boss requested from IT to change my corporate password while I was out of office without telling me. He used the new password to log on my PC as me and copied my project (I don't know what else he did).

When I was back in office, a yellow sticky with the new password was on my desktop. He told me that is my new password when he saw me in office. Is this violation of security? A privacy breach?

profilepic.png
manpreet 2 years ago

 

You should not expect to have privacy on a company-owned machine. However, in a healthy IT environment your manager would do this by asking IT to send him the files he's looking for, which they can retrieve by accessing the computer using their own administrative accounts, not by accessing with your account. If they do it this way, there is never an auditing question of who accessed the files, or whether an action taken by your account is actually an action you took. Your IT department should also follow any guidelines they've been given to facilitate the access - this might include getting permission from your company's legal counsel, providing justification documentation, etc.

Whether or not this is a security violation depends on company policy and applicable law/contractual obligations. You can bring this up with your manager if you want and voice your concerns, and there are quite a few valid ones. As mentioned, logging into your account directly defeats auditing - your security team can no longer be reasonably sure actions taken by your account were taken by you if other people log into the account. Depending on your job, you may also have access to information your boss does not - this could include HR-related information, client data for contracts your boss is not on, and so on. However, changing the system to allow for this kind of access may not be considered a worthwhile investment for a small company that doesn't handle sensitive information.

Also, as Edgar mentioned leaving your password out on a sticky note exacerbates the auditing issue, since now anyone in your company could have accessed your account while you were gone. At the very least, if the company is unwilling to change their policy on resetting accounts, you should ask your manager to tell you the password in person when you get back in the future, or have IT reset it again to something generated by a secure random password generator and don't write it down, then reset and allow you to pick a new password when you get back.


0 views   0 shares

No matter what stage you're at in your education or career, TuteeHub will help you reach the next level that you're aiming for. Simply,Choose a subject/topic and get started in self-paced practice sessions to improve your knowledge and scores.