GrumbleDook Said ” A question for people then ... do you ever tell users that you will have to reset their password to test something?”
Very rarely and when I do I prefer to reset the password over knowing the real password. Most people use the same password for more than one thing so I do not want to know it.
Synetrix should gives us a choice or by default reset our master password to “1234” or something while they test. Then we can reset it back after.
EDIT: If you look at the gaming world and someone forgets the password or tech support needs it they generate a random secure password like 56sf73s.
Some support requests are specific to an individual user / account. This ranges from email and filtering through to access to authenticated resources such as Expresso @ home. For these you *have* to test the user account in question.
Originally Posted by penfold
Thanks for the feedback folks, I'll talk about it in our next LA meeting but one thing you could do in the meanwhile is if you are making a support call where testing will be needed then reset the password to a generic one and pass that on rather than the password the user usually uses. make sure you let the user know this though so it doesn't mess up other services (eg internet access!)
I work for LA support and routinely have to ask users in schools for their passwords, this occurs mostly when I'm on a remote support link and it is going to take a long time to resolve the issue. I don't like doing it and feel somwhat embarrassed when I have to do so. However people don't like waiting around on the phone whilst I'm working on a time consuming problem.
It's all because default passwords are a big "no no" and in most cases if you don't have a password to access the affected system (mainly in order to test your changes work) then you simply can't help.
It all boils down to trust, in the OP's instance these people run your support service and as someone else has already said, if you aren't happy then change your password afterwards. Otherwise you have two options either live with the problem or fix it yourself.
Couldn't the LA just have some sort of policy where schools set up a couple of support user accounts (with different rights, eg, Student, Staff, Admin) and then have have the details added to a LA database or the likes so that people don't need ask for passwords for absolutely required.
Originally Posted by superfletch
This method also gives benefits such as:
* audit trail (Although Limited in Userfullness because it would be a shared account)
* Worse case (ef: if the LA needs access for example if the IT manager came down with a illness for extended period they could helpout)
As mentioned previously, some of the faults might be account specific and have to be tested on *that* account. Setting up generic accounts can deal with some issues ... and suppliers like Synetrix already have a raft of test accounts in test schools to see if things are broken. Having a test user for each role in each school doesn't add that much more to the diagnosis.
I still prefer the method of resetting a users password. I just think it covers everyone. I have been in the situation where I have been troubleshooting a teachers logon/account and told them I will have to have access to their account when they have voluntarily provided me with their password. Now they know I wont misuse this, but knowing that they use the same password for most of their online accounts I would rather not know in the first place.
I know it can make things easier, but resetting a password rather than asking for one just seems better practice to me.