*Really* bad internet hygiene

Post #426,866 by rcareaga 12/22/18 5:19:44 PM 12/22/18 5:19:44 PM Reply	Really bad internet hygiene The spousette derives a substantial fraction of her income these days as managing attorney for a “virtual” law firm. She does “intakes,” and supervises a bunch of contract attorneys who require a great deal of hand-holding, and whose work products, well, benefit from some editing. Most of this, apart from telephone calls, involves document review and editing via “Microsoft Remote Desktop.” So far, so good, OK? The other day, she receives an email, purportedly from the office manger, to the effect of “We are migrating to a different service provider. Please email me your user name and password.” She sensibly phones the office manager, saying WTF? Office manager assures her that the email is legit, that she has discussed it with both the head of the firm and with the IT guy. I’m thinking, “You need to get another IT guy if he countenanced that email.” What think you, my auditors? suspiciously,
Post #426,867 by lincoln 12/22/18 6:13:43 PM 12/22/18 6:13:43 PM Reply	have her call both the head of the firm and with the IT guy. and whatever they say to her on the call, have her strongly insist that whatever is discussed is sent to her in an email from each. Then have her save copies both electronically and in print form. Satan (impatiently) to Newcomer: The trouble with you Chicago people is, that you think you are the best people down here; whereas you are merely the most numerous. - - - Mark Twain, "Pudd'nhead Wilson's New Calendar" 1897
Post #426,869 by boxley 12/22/18 7:14:25 PM 12/22/18 7:14:45 PM Reply	as noted above, get it on the phone and in email then have her change the password immediately after she complies and on the new system. I suspect that they want to see everything she has tinkered with for some stupid reason good luck "Science is the belief in the ignorance of the experts" – Richard Feynman Edited by boxley Dec. 22, 2018, 07:14:45 PM EST Expand All History
Post #426,871 by drook 12/22/18 7:36:23 PM 12/22/18 7:36:23 PM Reply	Yeah, it's that bad I can't be held liable for anything that happens once someone else has my credentials. A law firm should grasp the importance of liability. -- Drew
Post #426,875 by scoenye 12/22/18 9:01:45 PM 12/22/18 9:01:45 PM Reply	It doesn't even make sense I can't think of any legitimate reason why one would need the user passwords to shift services providers. (My guess: they're planning on setting up the new AD service with the same passwords as the old one, but that is indeed just not done.) If that was IT guys original idea, then it is time to find another one. However, if IT guys is also just another contractor, I wouldn't discount strongarming on part of the head of the firm. And I agree with the others: it is CYA time.
Post #426,879 by boxley 12/22/18 10:04:42 PM 12/22/18 10:04:42 PM Reply	Should be a 2 factor anyway Dunno how it is done in AD but in nix you can usually copy the encrypted passwords over and it will usually work "Science is the belief in the ignorance of the experts" – Richard Feynman
Post #426,882 by static 12/22/18 10:33:53 PM 12/22/18 10:33:53 PM Reply	Yeah, that's bad. I'd be point-blank refusing to give them my password. If they need it to migrate data (but why?), then they can change it and tell me what they've changed it to. Whoever came up with this idea needs to be disciplined or fired if he can't see what's wrong with that. If the head of the firm approved it, he needs to explain that to his auditors and hope they don't recommend he lose his business license. Wade.

Welcome to IWETHEY!