Bit pissed off....

[old.Tohtori]

Hehehe, maybe a 32-bit random base64 string... 32 random odd characters... try to enter that without making a typo

I actually do that.

Just type in every letter and number of the keyboard

 

[soze]

Tell him its this "Pneumonoultramicroscopicsilicovolcanoconiosis" And that every 3rd o is a 0 and every second i is a 1.

I do that to constant password offenders get the word of the day and bastard it for them. d35trUct!0N ect

 

[Ezteq]

Hehehe, maybe a 32-bit random base64 string... 32 random odd characters... try to enter that without making a typo

thats the spirit!

a good dose of passive aggressive retaliation is sure to make you feel better and piss off your boss



passive aggression, everybody needs a hobby.

 

[Zedenz]

I know nothing of Dutch law so can't really offer any advice only personal experience.

(didn't read the entire thread, apologies for any repeats)

In the UK you most often agree to a clause in your employment contract (at least at most medium-large firms) stating that email spot-checks and access to your system can be requested at any time without notice.

Although with todays systems you only need the aid of the IT Admin to achieve this, no password needs to change hands.

The idea is that you should only be using your PC for work basically, although I've never really had much of a problem. At my current firm I am on excellent terms with the IT Admin staff anyway so even if some checks were to come up he would warn me in advance and to be honest, I doubt I would be checked personally anyway, I just can't see it.

It would be considered terrible form for someone to ask you for your login credentials regardless of his/her status at the company, irrespective of the fact that it just isn't required anyway. A lot of people unfortunately use a single password for all their internet/pc endeavors so revealing it could open a rather large can of worms.

Anyway damn office politics, I hate it.

Z.

 

[kiliarien]

It's a toughie for you Macabre. The best way, which I think takes some guts if you work in a small company work environment, is to speak to your boss about your honest reservations about giving him your details.

I'm sure you conduct your work account properly and there's nothing dodgy there, you just need to express your views that essentially your boss can act as you electronically - he can assume your identity on the system and all your actions can be tracked by admin as you, so if there's dodgy websites browsed, unauthorised email or whatever then it's you to blame.

It's a hard thing to say to him, but at least you are proving you are an honest person who has no problem expressing views in a frank manner. Not only will it put you in a good light, but depending on his reaction you can gauge how good a boss he is based on his reaction.

In this case honesty, tactfully expressed by you, is the best policy - hope it works out for you bud

 

[Ingafgrinn Macabre]

It's a toughie for you Macabre. The best way, which I think takes some guts if you work in a small company work environment, is to speak to your boss about your honest reservations about giving him your details.

I'm sure you conduct your work account properly and there's nothing dodgy there, you just need to express your views that essentially your boss can act as you electronically - he can assume your identity on the system and all your actions can be tracked by admin as you, so if there's dodgy websites browsed, unauthorised email or whatever then it's you to blame.

It's a hard thing to say to him, but at least you are proving you are an honest person who has no problem expressing views in a frank manner. Not only will it put you in a good light, but depending on his reaction you can gauge how good a boss he is based on his reaction.

In this case honesty, tactfully expressed by you, is the best policy - hope it works out for you bud

I tried to talk to him before handing over that false password. Told him that the only advantage to him having my password would be for him to access my private email whenever he feels like it, without consulting me, or need to notify me, but he wouldn't have any of it, and it turned into a "you'll do so because I tell you. The rest already done so, why are you dragging your feet" kind of discussion.
So, I kinda felt I had no option other than writing down a falsy. I don't fear talking to him that way, stating if he's wrong when he is, but I don't know. For some reason he thinks a salesman has more knowledge of IT than I do, even though that dude consistently advices the wrong things. I could've set up a network for half the price, and 10 times the performance and security than what we currently have, but well... What can ye do....

 

[Bahumat]

I tried to talk to him before handing over that false password. Told him that the only advantage to him having my password would be for him to access my private email whenever he feels like it, without consulting me, or need to notify me, but he wouldn't have any of it, and it turned into a "you'll do so because I tell you. The rest already done so, why are you dragging your feet" kind of discussion.
So, I kinda felt I had no option other than writing down a falsy. I don't fear talking to him that way, stating if he's wrong when he is, but I don't know. For some reason he thinks a salesman has more knowledge of IT than I do, even though that dude consistently advices the wrong things. I could've set up a network for half the price, and 10 times the performance and security than what we currently have, but well... What can ye do....

You sound like you're good at your job, and you always seem to help out on IT queries on FH. Why not search for a new job? Ok, it's not that easy, but as a clever person you should be fine.

 

[old.Tohtori]

I could've set up a network for half the price, and 10 times the performance and security than what we currently have, but well... What can ye do....

You should take that proposal, write it down, make charts whatnot(pretty pictures) and go OVER him to the next boss level and show how incompitent the guy is and how you should be the one calling the shots when it comes to IT.

That's what you CAN do.

Knife in the back, ah, the american dream.

 

[Dukat]

You sound like you're good at your job, and you always seem to help out on IT queries on FH. Why not search for a new job? Ok, it's not that easy, but as a clever person you should be fine.

What bahumat said, I know its easy to sit on the side lines and shout advice, but it really does sound like these people you work for are completely ignorant idiots who have a highly self inflated opinion of themselves.

Do you enjoy your job like this? If so, great, if not, surely you'll be better off elsewhere? Like bahumat said, you sound smart enough that getting another job should surely be a distinct possiblity?

Best of luck either way

 

[old.windforce]

just put some passphrase protected encryption on the private parts of your computer and give him the password

 

[old.Tohtori]

just put some passphrase protected encryption on the private parts

So...like women have then?

 

[soze]

If you are the admin there just set password to expier after 2 weeks he will get bored of asking for it after a while.

 

[kiliarien]

I tried to talk to him before handing over that false password. Told him that the only advantage to him having my password would be for him to access my private email whenever he feels like it, without consulting me, or need to notify me, but he wouldn't have any of it, and it turned into a "you'll do so because I tell you. The rest already done so, why are you dragging your feet" kind of discussion.
So, I kinda felt I had no option other than writing down a falsy. I don't fear talking to him that way, stating if he's wrong when he is, but I don't know. For some reason he thinks a salesman has more knowledge of IT than I do, even though that dude consistently advices the wrong things. I could've set up a network for half the price, and 10 times the performance and security than what we currently have, but well... What can ye do....

As others have said, I've seen you help out on tons of techie issues and you're clearly clued up - maybe time to consider if you can do better jobwise....

 

[Deebs]

Good thread and as others have already pointed out most UK based Companies will have an IT policy which is part of the terms of contract. It is law binding in as much as your work contract is.

Basically it will give the Company all rights to access ANY data stored on it's systems but no more. External passwords/systems will not be affected by this.

Now let's take this one step further, you encrypt a file on a Company owned piece of equipment, I guarantee that in your contract you are bound to provide the password.

Corporates have lots of clauses and protections in place to protect their wellbeing. I have no issue as I believe it is fair and just to the Company.

I don't go to work to take the piss and do my own thing. If they asked me for a private password to a service outside of their infrastructure then I know the answer will be a resounding "fuckoff".

 

[Sparx]

Spot on Deebs.

If its on their system they can check it

 

[Ingafgrinn Macabre]

They can check everything that's on their system. That's not the issue, and I never claimed it was. They have access to the administrator account, and everything on "My documents" and "my desktop", or rather, everything in \user, will get backed up on the server at log-off, due to this system being a domain client, so they needn't even have my password to check all the data on the system.

The issue is that they, would I have provided a valid password, can check my private email, and log in on Freddys under my name for example, without them needing to notify me, or tip me off. They could do it without me finding out. That's the issue.

Also, I never signed anything relinquishing my privacy rights, nor would anything like that be legal in the Netherlands. You can't hand over your rights with a contract like that.

My qualm is that they ask for something totally unnecessary, and probably illegal. They have all the access they need. They can access everything I do, without even accessing my account. That's just how this computer has been set up. They just cannot access things like gmail and forum logins without the user account.

 

[Bahumat]

They can check everything that's on their system. That's not the issue, and I never claimed it was. They have access to the administrator account, and everything on "My documents" and "my desktop", or rather, everything in \user, will get backed up on the server at log-off, due to this system being a domain client, so they needn't even have my password to check all the data on the system.

The issue is that they, would I have provided a valid password, can check my private email, and log in on Freddys under my name for example, without them needing to notify me, or tip me off. They could do it without me finding out. That's the issue.

Also, I never signed anything relinquishing my privacy rights, nor would anything like that be legal in the Netherlands. You can't hand over your rights with a contract like that.

My qualm is that they ask for something totally unnecessary, and probably illegal. They have all the access they need. They can access everything I do, without even accessing my account. That's just how this computer has been set up. They just cannot access things like gmail and forum logins without the user account.

I think what with the differences between countries, your best bet is to contact a person in your country who is a professional. There is probably a forum which deals with dutch law?

 

[soze]

Im not sure i could stay in a job where i did not trust my boss that much, i would hand mine over if asked as i have said as the though he would snoop around my webpages would not even spring to mind as a reason he wants my password.

I also have a roaming profile so My Documents is backed up but that does not stop me creating C Drive folders and storing documents there so that might be why he wants it or maybe just for checking my email if im sick with out messing with permissions or re setting my password.

 

[Cromcruaich]

Is he the boss of the company or just of you?

He has no right to your password, you must refuse to give it to him on point of principle.

He can do anything with the data on the machine, or even take a sledge hammer to the whole thing - but he has no requirement to have your own password.

As you say - all it allows him or whoever to do is impersonate you - any domain admin can access data whenever they want to.

Speaks to me of a bit of ignorane on his part. Is he aware that mechanisms exist to gain access to anything within your machine or related to your domain account?

 

[Manisch Depressiv]

Hehehe, maybe a 32-bit random base64 string... 32 random odd characters... try to enter that without making a typo

szymon@chatsubo:~$ pwgen 666
EoZiNie0aeyoohahC5ahDiekaofae2ooqu5thiatoh1tei4ik2Ohw7eefeew4Paeneequei2baN0meey5eGhiShaih8esuoV6goK2laelie9looyaichohyathahchooshaich3phaxietaephohjeofeihoXaiyaix6wain4ciebooCh0Ce4hie0DaiNae0vohsh4ath8wiePhoo5ohb4io2AeChahma7phoothia5wu4nuquohgh2sech1Oom6vuk7eith3Uboque5ohchee5XooKaish2ek6laiyoht9om3VeaJ6pewow4seShuo2Queenguo7ahhuaroi3gun4pheinohT6ohcoquio7ohleeQueingaipuusaihohsie8oogaingahs9looroh7ienei4YoshohXiegaCoh2yaeJahcai2Ahshiedei1lohGeeGheiv1vaeXachoh5thaiKungiexie8rie1eemaiNieph4moh1weehahpohkoonii7waidai8thohw0neK4iu3Aphae5aeg0ejaib1Nie2quu0Vuth6tee9aelieth3ahdoo0airikaevah8Phie8wooBietahth3shoo0oop0quooThohthaicaemei2aej4fuGhaiqu1cahquohgoozain
[...]
szymon@chatsubo:~$

That should do it. Hopefully you can find a way to copy and paste it when needed xD.

 

[Deebs]

They can check everything that's on their system. That's not the issue, and I never claimed it was. They have access to the administrator account, and everything on "My documents" and "my desktop", or rather, everything in \user, will get backed up on the server at log-off, due to this system being a domain client, so they needn't even have my password to check all the data on the system.

The issue is that they, would I have provided a valid password, can check my private email, and log in on Freddys under my name for example, without them needing to notify me, or tip me off. They could do it without me finding out. That's the issue.

Also, I never signed anything relinquishing my privacy rights, nor would anything like that be legal in the Netherlands. You can't hand over your rights with a contract like that.

My qualm is that they ask for something totally unnecessary, and probably illegal. They have all the access they need. They can access everything I do, without even accessing my account. That's just how this computer has been set up. They just cannot access things like gmail and forum logins without the user account.

That is why you MUST have very different passwords for work related stuff and your personal/private stuff.

Change the password which is less hassle and then you can safely give them what they want.

 

[Ingafgrinn Macabre]

That is why you MUST have very different passwords for work related stuff and your personal/private stuff.

Change the password which is less hassle and then you can safely give them what they want.

I have different passwords, but when you log in on freddys from your workcomputer, that password is saved in the browser password-thingy-cache-thingy, same with the gmail password and various others.
So, when they enter my account, they can access my browser, thus can access my mail and assume my freddys identity and whatnot.

My gripe with the situation is, that they can already access all the data, but they'll have to reset the password, so I'll find out the next morning when trying to log in, and request an explanation. When they have my password, I won't necessarily find out.

 

[Deebs]

That is easy just don't let FF/IE/whatever browser to save passwords. Keep typing it in every time you visit. That way you are safe.

 

[Gahn]

I'd install ubuntu and watch our incompetent outsourced IT dept fail to find the control panel...
Or perhaps even solaris or something. Even better




Infact, I regularly /do/ need things like youtube or similar sites, for totorial / howto films on certain program features.

That is if the morons granted you rights to install anything on your pc 1st of all -.-

Edit: nm that, ask for a change of password and give it to him, best bet for ya to get out of the "jail"

 

[Aoami]

I have different passwords, but when you log in on freddys from your workcomputer, that password is saved in the browser password-thingy-cache-thingy, same with the gmail password and various others.
So, when they enter my account, they can access my browser, thus can access my mail and assume my freddys identity and whatnot.

My gripe with the situation is, that they can already access all the data, but they'll have to reset the password, so I'll find out the next morning when trying to log in, and request an explanation. When they have my password, I won't necessarily find out.

You should never save passwords on a non-personal computer - surely that's just common sense.

 

[Ingafgrinn Macabre]

That is easy just don't let FF/IE/whatever browser to save passwords. Keep typing it in every time you visit. That way you are safe.

You should never save passwords on a non-personal computer - surely that's just common sense.

Yeah, I know, but I can't be arsed to type in all passwords for everything every time. I almost have a different password for each login where-ever. Starting to be a bitch to remember and I'm lazy



[edit]
By the way, wanna thank everyone for their input. I kinda settled with the situation, and feel that there's not too much to do about it anymore. I have handed over a false password, wished I wasn't pressured into lying to my boss, but well, can't help it I guess. Anyway, for me the issue is dealt with, maybe not as neatly and politely as it could've been, but as good as it goes I suppose.
About the switching jobs... Apart from this issue, I don't think I got it all too bad over there. Some things can improve probably, but I have no doubt that other jobs will have different cons aswell. Hell, maybe in time I'll start my own company, but it's not that time yet

Thanks a million guys (and Ezteq ofcourse )