+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
East Midlands Broadband Consortium (EMBC) Thread, Support staff asking for login credentials in Regional Broadband Consortiums (RBC); So I am having an issue with mail delivery (mail is going round in a loop and then rejected). I ...
  1. #1

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    6,258
    Thank Post
    1,138
    Thanked 1,462 Times in 980 Posts
    Blog Entries
    22
    Rep Power
    457

    Support staff asking for login credentials

    So I am having an issue with mail delivery (mail is going round in a loop and then rejected).

    I log a call with the EMBC help desk who then ask for my login credentials to look into the problem.

    Now, perhaps I am wrong, but should the synetrix staff need to have my credentials to fix a problem. Surely they can see whats going on right?

    This doesn't seem right to me does it?

  2. #2

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,881
    Thank Post
    1,316
    Thanked 1,738 Times in 1,087 Posts
    Blog Entries
    19
    Rep Power
    563
    Perhaps the idea is to fix it, test it, sort out remaining issue and then get back to you when it is working, rather than keep you on the phone for x minutes / hours whilst things are tested (especially if it has to be bounced to second / third line). Remember that many of the schools they deal with directly can be primary and don't have the time to spend on the phone (or the wish to either).

    Damn ... being reasonable and understanding again. I must go and take my medication!

  3. #3


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,657
    Thank Post
    350
    Thanked 789 Times in 710 Posts
    Rep Power
    344
    Synetrix historically have always requested details to resolve issues; and whilst I think it's slightly edgy behaviour I do appreciate where they are coming from and changing my password isn't ever a big problem for me.

  4. #4

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,389
    Thank Post
    1,489
    Thanked 437 Times in 286 Posts
    Rep Power
    195
    Are there not privacey issues involved with this? Im sure depending on who's email it is there could be alot of sensitive inforation.

  5. #5

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,881
    Thank Post
    1,316
    Thanked 1,738 Times in 1,087 Posts
    Blog Entries
    19
    Rep Power
    563
    Theoretically Sytnetrix (as with other RBCs) are a trusted supplier, the same way that you *can* access the pay information at your school but do not do so unless you are asked to support recovering data, sorting out access or configuring the program.

    Basically, it is part of their job the same way that being an admin is part of yours.

  6. #6

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    6,258
    Thank Post
    1,138
    Thanked 1,462 Times in 980 Posts
    Blog Entries
    22
    Rep Power
    457
    Hmm I see you are saying, just seems bad practise to routinely request login details for your customers.

    Thing is, the problem is sending any mail between the .leics.sch.uk addresses for any of my sites, I have sent the error message returned and the EMF log and I can't see what giving my details is going to add. Oh well.

  7. #7

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    6,258
    Thank Post
    1,138
    Thanked 1,462 Times in 980 Posts
    Blog Entries
    22
    Rep Power
    457
    Quote Originally Posted by GrumbleDook View Post
    the same way that you *can* access the pay information at your school but do not do so unless you are asked to support recovering data, sorting out access or configuring the program.
    Heh, good point, hadn't thought of it like that.

  8. #8
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,386
    Thank Post
    10
    Thanked 483 Times in 423 Posts
    Rep Power
    110
    Quote Originally Posted by GrumbleDook View Post
    Theoretically Sytnetrix (as with other RBCs) are a trusted supplier, the same way that you *can* access the pay information at your school but do not do so unless you are asked to support recovering data, sorting out access or configuring the program.

    Basically, it is part of their job the same way that being an admin is part of yours.
    Not quite, no support should request your actual password for any reason, pretty much ever. That's the reason why passwords are usually stored without reversible encryption.

    I'm not saying that it doesn't happen, but it shouldn't.

  9. #9

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,853
    Thank Post
    1,160
    Thanked 1,028 Times in 729 Posts
    Rep Power
    323
    @GrumbleDook:
    Bankers are supposed to be trusted members of the public but look at what they have done to the country!
    I would not give anyone my passwords upon pain of death!! trusted or not!
    It is not the done thing.
    If you ring the bank up to query why you cannot withdraw money from one of their cash machines they don't ask you for your pin number so they can try it do they. :-)

  10. #10

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,881
    Thank Post
    1,316
    Thanked 1,738 Times in 1,087 Posts
    Blog Entries
    19
    Rep Power
    563
    A question for people then ... do you ever tell users that you will have to reset their password to test something? Would people prefer that instead even though it would change access to other services (eg school admin tools, filter internet access, etc) for a short period of time?

  11. #11

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,372
    Thank Post
    624
    Thanked 949 Times in 651 Posts
    Blog Entries
    2
    Rep Power
    317
    Quote Originally Posted by GrumbleDook View Post
    A question for people then ... do you ever tell users that you will have to reset their password to test something?
    Yes, reset their password - but only if entirely necessary. We never ask them to tell us their password.

  12. #12

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    6,258
    Thank Post
    1,138
    Thanked 1,462 Times in 980 Posts
    Blog Entries
    22
    Rep Power
    457
    Quote Originally Posted by webman View Post
    Yes, reset their password - but only if entirely necessary. We never ask them to tell us their password.
    Absolutely, plus if that ever happens its followed by instructing the user to alter their password again themselves.

  13. #13

    Join Date
    Sep 2008
    Posts
    1,673
    Thank Post
    310
    Thanked 221 Times in 197 Posts
    Rep Power
    107
    Could you not just have a test account for such requests? If problems are occuring with all accounts then it doesn't matter which account they use. At least thats why I have always used staff and student test accounts so I dont have to ask students for their password or reset it to test something.

  14. #14

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,372
    Thank Post
    624
    Thanked 949 Times in 651 Posts
    Blog Entries
    2
    Rep Power
    317
    Quote Originally Posted by penfold View Post
    Could you not just have a test account for such requests? If problems are occuring with all accounts then it doesn't matter which account they use. At least thats why I have always used staff and student test accounts so I dont have to ask students for their password or reset it to test something.
    We usually do. First, we reset the profile of a test account, change the group membership/user type to make it identical to the one that is having problems, and investigate. If we can't reproduce this problem we then look closer at the actual user and their own account. And as sparkeh says, getting them to change their password back again is always a must.

  15. #15

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,722
    Thank Post
    695
    Thanked 1,206 Times in 759 Posts
    Rep Power
    393
    Quote Originally Posted by DMcCoy View Post
    no support should request your actual password for any reason, pretty much ever. That's the reason why passwords are usually stored without reversible encryption.
    I'm in complete agreement with DMcCoy on this one. No support staff should ever ask for a user's password.

    There are plenty of good reasons why, but the most important one is that your average user uses the same password for most of their computer logins, work and personal (even if we encourage them not to, and I most certainly encourage them quite vigorously). It also fosters the notion in user's minds that divulging passwords is 'normal' and acceptable which makes them more vulnerable to social engineering tactics such as phishing.

    I have to say it's rare that we need access to a users actual account to diagnose problems, but when we do we either have them log on for us, or (rarely) inform them that we will be changing their password temporarily and have them change it back afterwards by setting the 'user must change password at next logon' flag in the AD.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 28
    Last Post: 15th August 2010, 09:47 AM
  2. Replies: 11
    Last Post: 12th January 2009, 05:53 PM
  3. Vbulletin login credentials
    By EduTech in forum Web Development
    Replies: 3
    Last Post: 17th August 2008, 04:38 PM
  4. Support Staff or Non-Teaching?
    By webman in forum General Chat
    Replies: 58
    Last Post: 20th April 2007, 12:06 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •