Site icon TwistedSifter

A Frustrated IT Specialist Is Reeling Over a Security Mandate Banning Contractors From Basic Systems

man working in a call center

Shutterstock

Imagine working in tech support, and an employee needs to reset their password. Obviously, you would need to verify that they really are an employee before fulfilling their request.

What would you do if they were unable to answer the verification questions because they are a contractor and not an actual employee? Would you make an exception to the rules or make them wait until a supervisor who could answer the questions on their behalf was available to help?

In this story, one tech support worker finds himself in this situation over and over again due to a lot of contractors working out of one of their offices. The supervisor on site is also a contractor, but the tech support worker can only reset passwords if he talks to an employee not a contractor even if that contractor is a supervisor.

Keep reading for all the details.

You’re only a supervisor if you actually work here.

One of the joys of working as a contractor for Large Investment Firm is that they’re a global organization. That means they need 24/7 Helpdesk support.

But even though every weekday at least one office is open somewhere in the world, there was still a lull in calls and emails.

The Australians were too laid back to bother calling anything in after noon their time, and the Honk Kong office had some sort of weird system of their own where they took care of themselves.

This sounds like a really easy job.

Because the call volume was so low, but they had to have someone there, I started a glorious year and a half where I showed up to work at 10PM, then proceeded to do absolutely nothing but browse the internet and watch movies until around 2AM when people started showing up at the London office.

Because of the time different, pretty much the only calls I got during that time were from the contracted developers in Mumbai.

See, because Large Investment Firm (LIF) holds so much confidential financial data, information security is pretty important. At least for non-employee contractors like myself and the Indian programmers.

But while we had Active Directory access at the Helpdesk when our accounts got screwed up, the programmers didn’t. So they had to call us.

Here’s some more context about password resets.

Password resets required a full name, a department, and verification of their badge number. Missing any three of these meant we couldn’t do a reset.

And of course, the guys in Mumbai didn’t get badges since they weren’t working in a LIF building.

Let’s start with the first call…

Me: Thank you for calling LIF Helpdesk.

The programmer needed a password.

Contracted Programmer: Yes, my account is locked out and I need the password please.

Me: Can I get your first and last name?

CP: Contracted Programmer.

Me: …could you spell that please? (Note: The actual name was a very Indian name and I, being an American from Texas, had no clue how to spell it.)

CP: spells name

But he couldn’t answer the next question.

Me: And your department?

CP: I do not have a department.

Me: You don’t?

CP: No, I am in Mumbai.

He didn’t know the answer to the next question either.

Me: Huh. Do you have a badge number?

CP: No, I do not.

Me: In that case, we would need your supervisor to submit a ticket for a password reset for the account.

CP: Hold on, I will get him.

But the supervisor couldn’t help either.

Programming Supervisor: Hello, I am PS. You need my approval to reset the password?

Me: Yes, but I need to verify you first. Could I get your badge number?

PS: I do not have a badge, I am a contractor.

Me: Wait, so there’s no LIF employees in your office?

PS: Of course not!

Here’s how he handled the situation.

Okay, now we have a problem.

This was our first exposure to this problem and, because I was working alone but had no supervisor’s powers, I couldn’t make a call on this one. The only thing I could do was call ManU Boss and wake him up early to figure out what to do, be a hard-nose about policy, or I could chicken out and stall.

Me: I apologize, but due to security protocols, I need to escalate this issue. As soon as we know anything, we’ll be in contact with you.

Bullet dodged, I went back to watching Red Dwarf while sending an email to about five people to set up a policy for this.

Eventually, the password did get reset.

It took four hours to get that programmer’s password reset.

See, when an employee can’t verify their badge number for whatever reason, their supervisor had to submit on the user’s behalf. The “supervisor” at LIF for the Indian programmers was a Tech Middle-Manager (TMM) out of the London office. Because of the time delay between offices, it took ages to get the password reset.

So eventually the process was explained to the Mumbai office. We could unlock accounts in AD, but only once every 24 hours (giving them six chances to guess their password) and no password resets unless the policy was followed.

Here we go again.

Me: Thank you for calling LIF Helpdesk.

CP (different one though): I need to reset my password.

Me: Do you have a badge number?

CP: No, we don’t have badges.

OP explained the situation.

Me: Then you’ll need to contact your supervisor in order to have the password reset. All we can do is unlock the account, which I’ve already done.

CP: The password still isn’t working. I would like it reset please.

Me: If you don’t have a LIF badge number, your password can only be reset by your supervisor.

CP: Hold on, I will get him.

He tried to stop him.

Me: No, wait—

PS: Hello, this is Programming Supervisor. Reset his password please.

Me: I need a badge number from a LIF employee that is the direct supervisor of an employee to reset the password. I’ve told you this once a week at least for the last six months.

PS: You do not talk to me that way! I demand you reset this password immediately!

OP clarified again.

Me: Due to security policies, I cannot. All I can do is unlock the account once per day, which I’ve already done and the account is already locked again. Any password resets for any of your employees have to come from TMM.

PS: My people cannot work! You must fix this now!

Me: If I can’t verify you, I can’t reset your password. Just like last week. Just like last month. If you have issues with this policy, please direct them to Security Director.

PS: I will! click

The problem didn’t end there.

Me: No you won’t, you haven’t for the past three months!!

This repeated until our contract was cancelled, though the frequency of the calls died down to once every month or two a few weeks after that particular call.

The policy was never updated, and PS was angry every single time he called in.

That sounds really frustrating for everyone involved, but why are the employees forgetting their passwords so often? If they could just remember their passwords, they wouldn’t have to reset them.

Trending and Popular

If you enjoyed this story, check out this post about an IT employee who refuses to change his “perfect” software install because the hardware was mistakenly installed upside-down.
Read The Drama

Let’s see how Reddit responded to this story.

Exactly! This is why the policy will never change.

I think it was the same supervisor every time.

This is the real question.

I have trouble remembering my passwords sometimes too, but especially when they know it’s going to be such a hassle to reset the passwords, you’d think the Mumbai office would’ve come up with some sort of way to help the employees remember their passwords. If they didn’t need to reset their passwords, it wouldn’t have been a problem at all.

Trending and Popular

If you enjoyed this story, check out this post about an employee who leaves with a long line on Thanksgiving because his boss refuses to approve overtime.
Read The Drama
Exit mobile version