I work in a company where the Help Desk staff frequently ask employees for their Active Directory credentials over the phone or email, even for simple requests like password resets. I remember hearing that one of the primary rules of security is to never give out your password, especially to someone claiming to be from IT. Am I being paranoid, or is this actually a breach of security protocols?
5 Answers
You're definitely right to be concerned! It's generally against best practices to share your password, even with IT. They should be resetting it on their end instead of asking for your credentials. If they need access, they can just set a temporary password for themselves to use and then have you reset it afterward. Sharing passwords can lead to security issues and train users to be more susceptible to phishing attacks.
Agreed! I've seen this happen too. It's just not safe to share passwords with anyone.
This practice is outdated and definitely raises a red flag for IT security. If IT needs to access a user's account, they should reset it and not ask for your password directly. Users should always be warned against this kind of sharing. Just because it’s happening doesn't make it right.
Definitely! It’s a bad habit that can lead to serious security vulnerabilities.
This just sounds like a setup for a security compromise! No one should trust that practice.
It's absolutely not safe to give your password, even to IT. If they're asking for it over the phone or email, they’re not following proper protocols. They should have systems to reset passwords without needing to ask users for their credentials. Make sure to document any instances of such requests to escalate this issue accordingly.
Absolutely! Keeping evidence of these incidents can help protect you if something goes wrong.
I’d be worried too. It’s like inviting trouble!
In a well-run organization, helpdesk staff shouldn't need your password. They can always reset it to a temporary password without needing your old one. If someone asks for it, it's worth raising a red flag about their processes.
Right? The way it should work is they reset your password and you can change it when you log in again. Asking users for their passwords is just a bad practice.
Exactly! This kind of process often leads to the potential for breaches.
You're not crazy! Good security hygiene dictates no one should ever share passwords. If this is a regular practice at your company, it may be indicative of a larger training and policy issue that needs to be addressed. Escalating it could prevent possible security breaches in the future.
Exactly! This is a serious security compliance issue.
For sure! You should definitely bring it to someone's attention.
Exactly! IT should never ask for your password. If they do, it’s a sign of poor security practices. You’re smart to question this.