Share Dessert, Not your Password

In many offices, people think nothing of giving their computer login User Name and Password to a co-worker.  In general, this is a bad idea.  Once a co-worker has the Password associated with your Login, the co-worker can masquerade as you.  There is no technical way to differentiate actions taken by you vs. your co-worker should something inappropriate transpire.

For example, perhaps your co-worker is targeting your job and acts maliciously by sending out a sensitive document to a competitor using your email account.  It would be extremely difficult to prove that you did not send it.  Whoever did send it had your User Name and Password and gained access as you.  Management will ask who else could have sent it but you?  As an IT Auditor, I can assure you that most companies do not have the forensic skill to perform a proper investigation to save your job.  The facts will appear to be self-evident and Management will take the path of least resistance and fire you.

It is extremely common for an Assistant to an Executive to have the Executive’s User Name and Password.  This too is still a bad idea.  The mitigating factor is that in most cases, the Assistants have the explicit trust of the Executive, especially if they have been together for many years.  I fully understand that the entire purpose of an Executive Assistant is to “assist” and act on matters that the Executive may not be able to attend to directly.  However, there are alternatives that do not compromise the Executive’s personal privacy, allow the Assistant access to selected functions, and still maintain an audit trail of access.

The problem with providing an Assistant your User Name and Login Password to your computer, corporate network or any other account is that this is an “All or Nothing” proposition.  There is no ability for you as the Executive to keep anything “private” from your Assistant.  This means that every single email, document you receive or draft, message from a family member to your work email (and possibly your personal email) – your entire life – potentially – is completely exposed to your Assistant.

On a practical level, this may not seem like an issue to you.  You might say, “My Assistant only uses my Computer when I ask him or her to check something for me.”  And I would say, “Are you absolutely sure that is the ONLY time he or she has ever sat down at your computer and looked around?”  Giving your Assistant your Password exposes you as the Executive to the same kind of risk as any other Staff member.   Information that was to be private and remain within the Company or that was for your “Eyes Only” is now potentially shared with your Assistant and whomever he or she sees fit to share it with.

Here is a better solution:  Depending on your specific environment, if on a Corporate Network, your Assistant can use his or her own login to access your Computer and Files provided that you give (or more likely your IT Person gives) the appropriate permissions to the directories that contain your personal files that are either stored on the local computer hard drive or on the Corporate Network.  In this manner, there is an “Audit Trail” of who accessed what file and when.

The best solution is to take advantage of the fact that you have a Corporate Network environment and create “Shared Folders” that only you and your Assistant can access.  This allows your Assistant access to files you deem unclassified in the Shared Folder while still allowing you to store sensitive information privately that only you can access in your own personal folders.

Both of the above options work regardless of whether you have a Corporate Network and a File Server where files are stored centrally or a single Stand-Alone PC.  Even on a Stand-Alone PC (or Mac) you can have individual user accounts, each with their own 100% private storage area that can only be accessed while that specific user is logged in under their user name, and a common storage area that all users can access regardless of which specific user is logged in.
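One way to build the Shared Folder described above on a Windows file server, with the auditing that produces the Audit Trail (an added example, not part of the original article).  The path and the `CORP\...` account names are placeholders, and the commands assume an elevated PowerShell session.

```powershell
# Placeholder values (assumptions): adjust to your own environment.
$shared    = 'D:\Shares\Exec-Shared'
$executive = 'CORP\exec.user'
$assistant = 'CORP\assistant.user'

New-Item -ItemType Directory -Path $shared -Force | Out-Null

# Load the ACL including its audit (SACL) section; this needs elevation.
$acl = Get-Acl -Path $shared -Audit

# Stop inheriting from the parent folder and drop the inherited entries,
# so that only the rules added below grant access.
$acl.SetAccessRuleProtection($true, $false)

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None

$grants = @(
    @{ Id = $executive;               Rights = 'Modify' },
    @{ Id = $assistant;               Rights = 'Modify' },
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' }
)
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $g.Id, $g.Rights, $inherit, $prop, 'Allow')
    $acl.AddAccessRule($rule)
}

# Log successful and failed reads, writes and deletes made under the
# Assistant's own login.
$audit = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $assistant, 'ReadData, WriteData, Delete', $inherit, $prop, 'Success, Failure')
$acl.AddAuditRule($audit)

Set-Acl -Path $shared -AclObject $acl

# The audit rule only generates events once file-system auditing is enabled.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# Review the trail: event 4663 records each audited access to an object.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
        -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$shared*" } |
    Select-Object TimeCreated, Message
```

The Executive's personal folders stay outside `$shared` with no entry for the Assistant, so the split between shared and private files is enforced by the permissions and not by trust.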

The most popular excuse (reason) for the sharing of the Executive User Name and Password is for the co-worker or Executive Assistant to check and respond to email.  Most Corporate Email Servers, specifically Microsoft Exchange, support the ability for you to give Proxy Permissions to a co-worker or Assistant.  This enables someone other than yourself to read, reply, create, and send mail as you depending on what permissions you allow.  The subtle difference is that there is an Audit Trail that shows that the correspondence, even if appearing to have been sent by you to the outside party, was actually sent by your Proxy – the co-worker or Assistant acting on your behalf.  The other key advantage is that if a message is marked as “private”, a function of some Corporate Mail Servers, the co-worker or Assistant cannot see it.  Only you can open the message with your specific User Name and Password.
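The Proxy Permissions described above, set up from the Exchange Management Shell with delegate auditing switched on (an added example, not part of the original article).  The two mailbox addresses are placeholders.

```powershell
# Placeholder mailboxes (assumptions): replace with real addresses.
$exec      = 'exec.user@example.com'
$assistant = 'assistant.user@example.com'

# Let the Assistant send "on behalf of" the Executive.  Recipients see both
# names, and the Assistant authenticates with his or her own account.
Set-Mailbox -Identity $exec -GrantSendOnBehalfTo @{ Add = $assistant }

# Grant rights folder by folder instead of handing over the whole mailbox.
# Every folder not listed here stays closed to the Assistant.
Add-MailboxFolderPermission -Identity "${exec}:\Inbox" `
    -User $assistant -AccessRights Editor
Add-MailboxFolderPermission -Identity "${exec}:\Calendar" `
    -User $assistant -AccessRights Editor

# Record what a delegate does in the mailbox audit log.
Set-Mailbox -Identity $exec -AuditEnabled $true `
    -AuditDelegate SendOnBehalf, SendAs, Create, Update, SoftDelete, HardDelete, MoveToDeletedItems

# Confirm what was granted.
Get-Mailbox -Identity $exec | Select-Object GrantSendOnBehalfTo, AuditEnabled
Get-MailboxFolderPermission -Identity "${exec}:\Inbox"

# Review delegate activity for the last 30 days.
Search-MailboxAuditLog -Identity $exec -LogonTypes Delegate -ShowDetails `
        -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) |
    Select-Object LastAccessed, LogonUserDisplayName, Operation, FolderPathName, ItemSubject
```

Each audit entry names the account that actually performed the action, which is the record that a shared Password can never provide.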

User Names and Passwords are personal and should remain specific to you.  As you can see, there are a number of ways to share files and enable access to email with co-workers and Executive Assistants that do not compromise your personal privacy.

There is one exception to sharing your Password with someone and that is usually the IT Administrator.  Having your specific User Name and Password makes it easier to diagnose problems with your account and enables the IT Administrator to see exactly what you are seeing and the problem you are experiencing.  Understand that your IT Administrator has a “Super User” (Administrator) account that would allow him or her to see, in most cases, absolutely every file, email, and piece of data on the Corporate Network regardless of whether he or she had your specific User Name and Password or not.  (The few cases where this is not true are when a separate encryption program is used to securely encrypt specific files and directories or a specific password is set on a file.  In those situations, only the person who set the encryption or the password on the file or directory knows the password to decrypt (access) it.  Neither the IT Administrator, nor anyone else for that matter, can access or read the file.)

In general, do not share your user name and Password with co-workers or your Assistant if you can possibly avoid it.

Share Dessert instead.  Much tastier and the only risk is a few extra calories.
