Work Password violation

[experiment626mom]

When I was going on vacation in June my ex-supervisor asked me for my login password so that SHE could check my emails while on vacation. I wrote it down for her and then forgot about it.

Fast forward to last week, when I was out sick. One of my teammates emailed the entire department my password to get into my computer and thus my email. My new supervisor hasn't said a word to anyone about this.

The company that I work for is very security conscious. I am currently working on getting this changed in our eternal system, which is a real pain.

Thanks for listening!!

 

[NMAmy]

Wow. First off, why would your supervisor need to check your email while you were gone? Secondly, why in the world would the password need to be emailed to EVERYONE so they could check your email?

That sounds too weird. I'd be having a little hissy fit, myself.

 

[Tigger_Magic]

Wow, both circumstances would be a major security breach at my job and would be grounds for immediate disciplinary action. We had security training last spring and all managers were told to NEVER ask for an employee's password. No one, except the employee, should know their password(s).

I would discuss this with your immediate manager and escalate it, if necessary.

 

[SC Minnie]

I would be royally ticked off. We aren't allowed to check each others email- that's what the out of office response is for to let people know you are there and who to contact.

 

[Alicnwondrln]

id go right to HR
this would be grounds for dismisal

 

[stinkerbelle]

id go right to HR
this would be grounds for dismisal

ditto.
your dismisal (for giving out your password) and for the employee emailing it around right now. both big no-nos (well, in my company anyway)

explain to HR/Your new boss what your old boss did...just cover your tracks.

 

[CapeCodTenor]

I would be talking to someone about this. To have someone email the entire office your password is just wrong and grounds for a serious...ummmm....tail kicking (the Dis friendly version).

 

[Ava83]

We here cannot give out passwords, no matter what, and they have us change them every 90 days, they lock us out.

In our out of office message we can tell notes to forward emails to people if we choose to, I've never used it but its there.

 

[BelleMcNally]

id go right to HR
this would be grounds for dismisal

Absolutely.

I work in HR and this is exactly the kind of thing your rep. should know about.

 

[experiment626mom]

I'm glad to see that others see this as a problem. I spoke to my manager after our meeting and she didn't seem too concerned. "She has bigger problems to deal with." I think I will head over to HR during lunch and see what they think should be the next step.

 

[RUDisney]

I am the Information Security Officer in my organization. Every year I discuss the fact that no one should ever give their password to anyone. If caught, it is grounds for dismissal. Yet, every year, people give their passwords away.

I'd be that you'd be able to set your supervisor up as a proxy so she could check your mail, or if you couldn't do that, you could have setup an out of office email that would advise senders to redirect their email to your supervisor's account.

My other concern for your company is that you are still using the same password that you were over the summer. Best practices says that passwords should be changed, minimally, every 90-days.

Basically, your company has some big security concerns... bigger than you divulging your password to your supervisor, or her requesting it from you.

 

[JCJRSmith]

I work in IT - email (specifically Microsoft Exchange Server) is my specialty. Most corporate email packages have the capability to allow one to grant access to the folders in one's mailbox to another user. This is called "Delegation" or "Delegate Access". If you use Microsoft Outlook for your email program, and if your company uses Exchange server to host/move the mail, you can easily do this. Hit the Outlook help files and search for "delegate."

In the meantime, you need to change you password NOW. You may also want to get away from using passWORDs and use instead a passPHRASE. The longer it is, the more difficult it is to guess. Also, writing that password down is not a security violation as long as you take the necessary precautions to safeguard that piece of paper - i.e. always keep it on your person, not on a sticky-note attached to the bottom of your keyboard.

 

[Belle1962]

When I first started in this position, they told me to leave my backup my email password. Well, we use Outlook and I thought that was what the "delegate" feature was for. Give them rights to read my box and they can act on what is necessary. I've been here almost two years now and still do not leave my password--hasn't been a problem yet but they really don't like that "I have to do it different from everyone else".

 

[experiment626mom]

I spoke with HR during lunch, and they were not happy. Since I was kind of new here in June (1 1/2 months) they are chalking my part in this up to ignorance and trusting a superior. I have been warned to NEVER do it again.

They are contacting both my new supervisor and the person that emailed my password to everyone for a meeting. I wasn't told what was going to happen, I can just assume it's not going to be pretty. It looks like I'm going to be the bad guy on our team.

Now if we can only convince our IT group that this is important enough for them to help me out with changing the stupid password I will be done with this. Dang!! It was really a good one too!