how to fire an I.T. director who has passwords to everything

A reader writes:

Do you have any experience or stories about firing an I.T. Director? That office has the keys to everything. It’s not like another position where when someone is let go, we disable their account and that’s it; they’re disabled and can’t get in.

Excellent question. When I’ve had to do this, there have always been other I.T. staff who I’ve been able to coordinate with to help with the process ahead of time, but your I.T. director does indeed hold the keys to the kingdom, and if you didn’t have other I.T. people around to help you, you’d need to worry about basic logistics at a minimum and potential sabotage at worst. I turned to our regular commenter and I.T. expert extraordinaire Jamie for an answer to this one. She says:

“Ideally there is a protocol by which the passwords were stored in a secured database, because even lone ITs get hit by busses, and a company has to be prepared for that eventuality. There should also always be redundancy for the important tasks, either on staff or with an outsourced consultant — again, so that you aren’t completely lost when the bus hits. One of these tasks is changing passwords — it’s a simple process.

So in the ideal situation, you’d give the passwords to someone trained to change them before you go into the meeting in which the I.T. Director is being let go. Once the door shuts, they are signaled to make the changes before the meeting is over. (This isn’t as James Bond-like as it sounds; it’s best practice when letting someone with network access go.)

Unfortunately, people aren’t always dealing with best case scenarios, and far too often you only have one person with the keys to the kingdom. In that case, have someone else on hand who knows how to change passwords and get them before the person leaves. They need to give them to the company, just like they would turn in their company-owned phone or laptop, and having someone on site to change them means that you can verify they are correct before the person leaves.

And don’t forget to change all the passwords. It isn’t just the network and the servers, but everything from Twitter to online applications, firewall support, corporate accounts, etc. Even a small business will have 100+ passwords, and it’s a tedious process.

If they won’t turn them over, get a network consultant to come in and change them manually. You’ll pay for it, but they will be able to do it and will do so in order of importance, security-wise.

And when you hire a replacement (which you should have lined up, if possible, because this is a position you really don’t want vacant) make sure they are documenting the passwords properly so this doesn’t happen again. No IT professional with any integrity would balk at documentation … because good ITs don’t need to build in job security by holding passwords and information hostage.”
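The advice above (a password database with more than one holder, reset everything the departing person touched, do it in order of importance, and verify before they leave) can be turned into a short audit over the credential inventory. The following is an added example, not code from the original post or from Jamie; the inventory, the tier names, the holder names and the "it_director" identifier are all constructed for illustration.

```python
"""Offboarding audit over a credential inventory.

Added example. The inventory, the criticality tiers and the departing
admin's name are constructed; in practice the records would come from the
password manager / secrets store the post says should already exist.
"""
from dataclasses import dataclass
from datetime import date

# Higher number = reset first (the "in order of importance, security-wise"
# ordering a consultant would follow). Tier names are assumptions.
TIER = {"identity": 5, "network": 4, "server": 3, "saas": 2, "vendor": 1}


@dataclass
class Credential:
    name: str
    tier: str              # key into TIER
    holders: frozenset     # people who know or can retrieve the secret
    last_rotated: date
    shared: bool = False   # one login used by several people (no per-person account)


# Constructed sample inventory (hypothetical systems and names).
INVENTORY = [
    Credential("domain-admin", "identity", frozenset({"it_director"}), date(2012, 11, 3)),
    Credential("firewall-admin", "network", frozenset({"it_director", "consultant"}), date(2013, 1, 20)),
    Credential("vpn-shared-key", "network", frozenset({"it_director"}), date(2011, 6, 1), shared=True),
    Credential("file-server-root", "server", frozenset({"it_director", "helpdesk"}), date(2013, 2, 2)),
    Credential("corp-twitter", "saas", frozenset({"it_director", "marketing"}), date(2012, 9, 9)),
    Credential("phone-vendor-portal", "vendor", frozenset({"it_director"}), date(2012, 3, 14)),
    Credential("payroll-saas", "saas", frozenset({"finance"}), date(2013, 1, 1)),
]


def exposed_to(inv, person):
    """Every credential the departing person holds, and so must be reset."""
    return [c for c in inv if person in c.holders]


def rotation_order(inv, person):
    """Reset plan: most critical tier first; within a tier, single-holder
    secrets first (nobody else can verify them), then oldest rotation first."""
    todo = exposed_to(inv, person)
    return sorted(todo, key=lambda c: (-TIER[c.tier], len(c.holders) != 1, c.last_rotated))


def bus_factor_gaps(inv):
    """Secrets only one person can retrieve: the 'lone IT hit by a bus'
    problem, independent of who is leaving today."""
    return [c.name for c in inv if len(c.holders) == 1]


def verify_reset(inv, person, reset_done):
    """After the reset round, anything the departing person held that is not
    in reset_done (a set of credential names) is still exposed."""
    return [c.name for c in exposed_to(inv, person) if c.name not in reset_done]


if __name__ == "__main__":
    for i, c in enumerate(rotation_order(INVENTORY, "it_director"), 1):
        print(f"{i}. {c.name:20} tier={c.tier:8} holders={sorted(c.holders)} shared={c.shared}")
    print("single-holder:", bus_factor_gaps(INVENTORY))
    print("still exposed:", verify_reset(INVENTORY, "it_director", {"domain-admin", "firewall-admin"}))
```

The `bus_factor_gaps` list is the one to act on before anyone is fired: a secret with one holder cannot be verified by the person doing the reset, which is exactly the situation the question describes.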

I asked: “If you end up having to have a consultant come in manually to change passwords, and/or the exiting I.T. person refuses to give them to you, is there anything you can do to protect against sabotage in the interim?”

Jamie’s answer:

“Preventing sabotage is key (it’s unlikely as the majority of fired people aren’t crazy, but it’s frequent enough to prepare for it, and in this position the damage can be catastrophic). They should take the network down for the brief time it takes to manually reset the passwords. It’s just a blip in uptime. Make sure to clone the drives before you begin the recovery – so you’ve got your data preserved if something goes awry.

The key to remember is that the only power the person has is to make it more inconvenient for you to change the passwords. They can’t bring you to a halt for more than a little downtime to do it manually. If you do think they are attempting to sabotage after termination, make sure you check your logs to see if someone is trying to access the system. Unlike many things in the workplace, this is indeed illegal.

And if any disgruntled ITs think this would be a good idea, they need to think again. It’s a position that has serious ethical requirements for a reason — because of global access — and sabotage or withholding information would ruin your reputation faster than anything else. Those are career-ending moves.”
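"Check your logs to see if someone is trying to access the system" is the one concrete detection step in the answer. Below is an added example of that check, not code from the original post or from Jamie: it parses OpenSSH-style syslog lines and flags, after the termination time, any attempt against the departed person's accounts and any login from a source address known to be theirs, even under a different account. The log lines, hostnames, usernames and addresses are constructed; the addresses are from the IETF documentation ranges.

```python
"""Post-termination access check over auth logs.

Added example. The cutoff, account names, source addresses and log lines are
constructed for illustration and are not from the post.
"""
import re
from datetime import datetime

# Facts the reviewer supplies: when the meeting ended, which accounts the
# departed admin used, and which source addresses are known to be theirs.
CUTOFF = datetime(2013, 3, 4, 14, 30)
DEPARTED_ACCOUNTS = {"jdirector", "admin-jd"}
DEPARTED_SOURCES = {"203.0.113.7"}   # TEST-NET-3 documentation range

# Constructed sample lines in OpenSSH / syslog style (syslog carries no year).
LOG = """\
Mar  4 13:55:02 fw1 sshd[1011]: Accepted password for jdirector from 10.0.5.12 port 50110 ssh2
Mar  4 14:41:17 fw1 sshd[1190]: Failed password for jdirector from 203.0.113.7 port 40022 ssh2
Mar  4 14:41:25 fw1 sshd[1190]: Failed password for admin-jd from 203.0.113.7 port 40023 ssh2
Mar  4 14:42:03 fw1 sshd[1201]: Accepted password for helpdesk from 203.0.113.7 port 40030 ssh2
Mar  4 15:10:44 app2 sshd[2210]: Accepted publickey for deploy from 10.0.7.3 port 33010 ssh2
Mar  4 16:02:09 fw1 sshd[1302]: Invalid user jdirector from 198.51.100.9 port 51000
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed|Invalid user) "
    r"(?:(?P<method>\w+) for )?(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse(line, year):
    """One syslog/sshd line -> event dict, or None if it is not an auth line."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def suspicious(log_text, cutoff, accounts, sources, year):
    """Events after the cutoff that touch a disabled account or come from a
    known source of the departed person. A login from such a source under a
    different account is flagged as well: that is the 'used someone else's
    credentials' pattern, and a failed attempt still tells you they tried."""
    hits = []
    for line in log_text.splitlines():
        ev = parse(line, year)
        if not ev or ev["ts"] < cutoff:
            continue
        if ev["user"] in accounts:
            ev["reason"] = "disabled-account"
        elif ev["src"] in sources:
            ev["reason"] = "known-source-other-account"
        else:
            continue
        hits.append(ev)
    return hits


def escalate(hits):
    """Any successful hit is a credential the reset round missed."""
    return [h for h in hits if h["result"] == "Accepted"]


if __name__ == "__main__":
    found = suspicious(LOG, CUTOFF, DEPARTED_ACCOUNTS, DEPARTED_SOURCES, 2013)
    for h in found:
        print(h["ts"], h["host"], h["result"], h["user"], "from", h["src"], "->", h["reason"])
    for h in escalate(found):
        print("RESET NOW:", h["user"], "on", h["host"])
```

Two things the sample shows that a grep for the old username would not: the `helpdesk` login from the director's home address is the real problem (a second person's credential that was never reset), and the attempt that shows up as `Invalid user` after the account was deleted is still evidence worth keeping, since, as the answer notes, post-termination access is illegal and the log is what you would hand over.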


  1. Liz in a Library

    Oh wonderful! I read just the title and thought “Jamie will have great advice for this…”

  2. PEBCAK

    This depends a lot on the Director’s temperament and the reasons for firing him/her, but this also may be one of those times that a few weeks severance to smooth things over would be well worth it. If the person is likely to cooperate, it would be a small price to pay to have him/her on your side to make the transition.

  3. Michael

    If I were said Director and was being immediately let go for what I felt was a completely bogus reason I would likely tell them it’s not my problem anymore once I got word I was being let go, if they were asking me for passwords, that is. Otherwise, sure, I’d try to be reasonable and work with them.

    You can minimize a TON of external threats if you have a reasonable security policy in place before telling them to vacate the premises. If the corporate firewall automatically rejects direct connection attempts from the outside world then it’s kind of hard to connect, for example. Most places I’ve been in have a pretty good usage of virtual private networks that take credentials to login to. This becomes a matter of changing passwords and/or simply deactivating accounts. This policy should include hard rules about one-person-one-account so you’re never in the position of “we can’t disable it as the entire IT team uses it,” and also a robust password management section. If you don’t have this and are wanting to let your IT Director go I would suggest delaying this and having one of their last major projects being implementing a policy that does this. If they’re being let go for ineptitude then this may not work.

    I would also likely unplug and subsequently simply reimage (erase/format) their entire machine the moment they left the building. If they have any software installed such as Dropbox that gives them a way to get files into your network that needs to be stopped.

    Unfortunately, one of the largest threats anyone could make is the usage of a USB stick to deliver malware to the network. They can just plug it into any machine they might encounter on the way out and it will automatically load so this is one of the few instances where I would advise to have them escorted. This is, of course, only pertinent if you have any reasonable suspicion they would do this. The threat is that most network policies I’ve seen don’t disable automatic device discovery as most places don’t have a reason to so it would be a choice attack vector.

    If you don’t have the vindictive sort on your hands then most of this is moot and it will go very smoothly.

    1. Jamie

      If I were said Director and was being immediately let go for what I felt was a completely bogus reason I would likely tell them it’s not my problem anymore once I got word I was being let go, if they were asking me for passwords, that is.

      I agree with your sentiments on security, but I disagree with the above.

      If a salesperson were being let go for what they considered a bogus reason that doesn’t mean they don’t have to turn in the keys to the company car. IMO it’s the same thing – they may not be tangible keys, but they are still keys and they don’t belong to the departing director – regardless of how they feel about their reasons for termination.

      I really see the obligation as being very similar to building keys. If a manager leaves and refuses to turn in the keys to the building, you need to call a locksmith and have everything re-keyed at the company’s expense – but that doesn’t mean turning in the keys is optional.

      Actually, I wouldn’t care if the company were run by Satan himself…if I had references coming back that someone was withholding passwords from those entitled to them I would never work with that person. There are no mitigating factors for me when it comes to this.

      1. Ask a Manager Post author

        Yes, and it’s SUCH an unacceptable thing to do that that person’s professional reputation would be ruined by it, among anyone who heard about it, even years later.

        Not to mention, it’s just incredibly petty and unprofessional. No mature person operates that way.

      2. KellyK

        Yeah, I’m with you on this, Jamie. No matter how unreasonable they are, the passwords are theirs. The only way I can possibly see refusing is if the company was insisting that you do it in a way that was unreasonably inconvenient to you (e.g., they walked you out before you could hand passwords over and now they want you to personally deliver them to the corporate office in another state).

        I’d expect that that level of stupidity just about never happens, because people would just want their passwords *back* period, rather than quibbling over the details. But I can totally picture the one boss who wanted a fired employee to drive out to a distant office to return stuff being just as unreasonable about passwords.

        Even that level of craziness doesn’t get you off the hook for returning company property, though. You just might not do it by their preferred method.

      3. Jessa

        Actually if I had someone who had keys, their contract would very specifically say “if I do not turn in the keys when I leave the company, the company has a right to take the re-keying of their locks out of my final paycheque.” Every keyholder I ever worked with had to sign something like that when they were given keys.

        Every time I was given a headset or personal piece of equipment (laptop, company phone, whatever,) I was expected to sign a paper acknowledging I got item #134 and was responsible for repair/replacement cost, absent normal wear and tear.

        It’s the responsibility of the employee to return things. I know that a friend works as a cable tech, they have a thing where they get a $30 allowance every year for “lost tools,” as in “Oops left my screwdriver at the customer, no idea which one.” Anything above that allowance comes out of their cheque. And yes the company will be nice if you break or lose a $200 piece of tech, they’ll take it out of more than one cheque.

        But NO, an employee not returning something should not be an expense of the company.

      4. Michael

        I had no doubt that part wouldn’t be well received here. It’s a gut reaction to the situation, regardless.

        1. ThursdaysGeek

          Nope, just because they are unreasonable and unprofessional doesn’t mean I’ll stoop to their level. Sure, I’ll at least briefly imagine it, but then I’ll remember that I’m a professional even if they aren’t, and I will behave accordingly.

      5. anon-2

        “If a salesperson were being let go for what they considered a bogus reason that doesn’t mean they don’t have to turn in the keys to the company car. IMO it’s the same thing – they may not be tangible keys, but they are still keys and they don’t belong to the departing director – regardless of how they feel about their reasons for termination”

        Yeah but there’s a big difference between car keys and passwords. Once you relinquish the car keys – you can’t drive the car anymore. If anyone drives the car and wrecks it after that – it’s their problem.

        Passwords are different. I turn over my password to you – you can cause damage and blame it on me. See below – a best practice is to have TWO “godlike” administrators, and when one might get fired – the other can suspend the ID and basically eliminate the account from the system.

        This protects both the company – AND the person being fired.

        1. LittleL

          This. I realize that when it’s gotten to the point that you need to dismiss an employee, it’s too late, so prevention is absolutely key. Be sure there is an updated list of passwords secured under lock and key (either physical or virtual). Then make sure at least 2 people have access to it.

    2. BCW

      That’s a great point. I always think it’s funny that employers want to terminate someone and have them off the premises ASAP, but then expect them to be cooperative about helping to do other things.

      1. Jamie

        I think where we differ is that you consider giving them being “cooperative” and I see it as a professional obligation. You aren’t being generous by giving them their own property – anymore than it’s generous to return the company laptop, etc. It’s theirs – you turn it in.

        1. BCW

          I think again though, you have to look at exactly what you are asking of them. I think giving back a laptop, and a key to the office is something that takes less than 5 minutes of your time (that you are no longer being paid for). Depending on the organization, getting all the passwords and data specifics can be a longer process. So to unexpectedly fire someone, then expect them to take an hour or 2 (or however long this takes) to do something like this is asking a lot in my opinion. It’s like someone said, that’s where the severance package comes in.

          1. Jamie

            You are asking them to hand over one password – the one to the pw database.

            A solo IT who is doing their job has them stored properly.

            It would take me longer to get the building key off my key ring than to remind them the password is in the company safe, or locked in a drawer, or tell them verbally that it’s FizzySH*TBlizzards4TediousSUCKMonkeys – case sensitive.

            If they haven’t been keeping a database, then they had some other tracking methods because absolutely you carry the major ones in your head – but there can be hundreds and they were stored somewhere.

            I honestly don’t know anyone who doesn’t have a database – and not because we think we are about to be fired. I would be quite surprised by that – but if my appendix bursts the last thing I want as I’m lying on a gurney in the ER is trying to give someone case sensitive passwords over my phone.

              1. SweetPotatoPie

                That’s the hardest I’ve laughed all day!! I really need to make my passwords more creative.

            1. Jessa

              Honestly, this. I have never had an IT type person work for me where I did not have the passwords. While they were working for me. This should actually not be a thing you do when you’re firing someone. There should always be a “secondary key holder” so to speak. One person should never be the only one with the passwords. As it’s been said upthread, if they get hit by a bus and are out for a month what do you do then?

              It should be part of the normal business procedures.

            2. LittleL

              Best. Password. Ever. I wish I could use it. Instead, I’ll just post it inside my desk so I can look at it and giggle.

      2. -X-

        This exchange between Michael and Jamie is interesting, because it points up something that is being debated in law as well – the extent to which passwords are keys and to which they are more general information. In law, the debate is whether forcing a criminal suspect to give up passwords is like giving up a key (a physical object) or asking them to, in effect, testify against themselves in violation of the 5th amendment.

        In practice, giving up passwords is a small thing, but I think there’s a continuum from passwords to more technical information and onwards into complex knowledge. Detailed settings of some process or equipment (the sort of thing that would take a page or two to write down) are a short way up the continuum from passwords – would someone abruptly fired be expected to spend time documenting that? Certainly that information should have been documented as part of the job, but assuming it wasn’t, whose responsibility is it to go the extra mile on that one? It’s worth thinking about.

        It’s also worth pointing out a way in which the analogy between physical keys and passwords breaks down. It is just about certain that the passwords will all be changed whether or not the departing employee provides them. That is not always the case for physical keys that are returned – the locks might not all be re-keyed. So, if there are proper systems in place, in the case of passwords there is little or no additional cost if someone doesn’t provide the passwords – they’d be re-set anyway.

        1. Jamie

          Interesting points.

          Detailed settings of some process or equipment (the sort of thing that would take a page or two to write down) are a short way up the continuum from passwords – would someone abruptly fired be expected to spend time documenting that?

          IMO, no, although I am sure other reasonable people disagree. If you’d like them to document after the fact that’s when you discuss a consulting fee. Otherwise you can pay a consultant or have the new hire document configs.

          If you are leaving amicably there is nothing wrong with having some free Q&A for the new hire – but I don’t think that’s owed. YMMV.

          in the case of passwords there is little or no additional cost if someone doesn’t provide the passwords – they’d be re-set anyway.

          It’s more time consuming to reset passwords when you don’t have the originals. If you’re paying a network consultant going rate – which around here is about $135 per hour – it is significantly more costly.

          1. -X-

            I don’t understand why you need a network consultant if things are set up right – not as the OP asked but in a proper system, with passwords in a database/service a handful of people have access to, or at least two people having rights to every critical system (very important in case someone is incapacitated).

            1. anon-2

              ++99999, -X- you understand computer data security.

              Some people here aren’t experienced system administrators, however, and would rather debate ethics than practicality.

              When an employee is terminated, his access can be terminated as well (it should be) and the change should and will be transparent and non-disruptive – if you did things correctly.

              1. Jamie

                If best practices were being used then the question wouldn’t have been sent in. The other admin would have taken care of it.

                The question was based on a situation in which they have not been followed, when you only have one person with the passwords, and how to deal with that less than ideal situation.

                No one is arguing that it’s best practice, but sometimes the practicality is that you deal with the messy situation and then put procedures in place so it doesn’t happen again.

                1. LittleL

                  Precisely. We often don’t implement best practices as it’s too much time, but then we regret it in situations like these.

          2. Natalie

            In fact, depending on the circumstances that might be significantly more expensive than rekeying a physical door. We rekey doors for tenants frequently, and if they only have one door and didn’t call us at 4:45 on a Friday, a rekey runs around $150 (including new keys).

            1. clobbered

              Agreed with X. Basically, if you are asking yourself this question on the eve of firing your IT Director, your IT processes are inadequate.

              The standards recommend not only that you secure yourself against somebody being run over by the proverbial bus, but also against the “rogue sysadmin” scenario. Now you don’t necessarily want to go down the total paranoia route here if you’re not running a nuclear reactor, but certain very high valued assets should be independently backed up by two different employees, and the employees should be unaware of or lack access to whatever method the other is using. For example, the employees could take turns doing a tape backup and giving the tape to Payroll to put in the safe.

              If you have two employees go into a crazy rampage at the same time, then I’d have to wonder what the heck you are doing to them :-)

        2. Ellie H.

          I would say a password is like a physical key because it has zero intellectual content (proven by the fact that it can be randomized, and still function). Where is this being debated in law? I would be really interested to read about that because it seems quite clear to me. I don’t quite agree that the analogy breaks down. If the IT director was the only person who held the passwords before, giving them to someone else is the equivalent of handing over a key. To me the analogy to not changing passwords would be that someone is given two copies of every physical key and only needs to give one of them back. Interesting to think about!

        3. the gold digger

          the debate is whether forcing a criminal suspect to give up passwords is like giving up a key (a physical object) or asking them to, in effect, testify against themselves in violation of the 5th amendment.

          Except asking someone to give up something that is not theirs – the passwords that belong to the employer – is completely different from asking a criminal suspect to give up something that is his. You have no right to keep the keys to your office once you no longer work there, but for the police to come into my house (i.e., get the keys), they need a warrant.

          And even if someone got a warrant to my home computer, how would they make me cough up the password? Torture me? If they want to search my computer, they can figure out the password themselves.

          1. -X-

            My point is that passwords are not physical objects. And good IT and managerial systems should recognize that.

            1. anon-2

              I would also be worried, -X- , about handing over my password.

              They’re dumping me. They don’t trust me anymore with access to their resources.

              Why should I trust them WITH MY IDENTITY ON THAT SYSTEM?

          2. Kate

            In fact, I would argue that you have no right to keep the keys to your office while you work there; it’s not a right, it’s a privilege that you may or may not be afforded depending on the role you play and when you need to access your office. I agree that the passwords are not theirs, even if said passwords are their brainchildren; and why would you want to claim intellectual copyright to a password, if not to flout this kind of potential law?

        4. Jessa

          There is a substantive difference between law enforcement asking and the people who own the equipment/database/etc. asking. One needs a warrant or probable cause, the other has an absolute right to it (providing they paid for the work for instance, web designers have a right to hold their product if it’s not paid for.) But work made for hire on company time? Passwords to company resources, there’s no question here. They belong to the company.

          1. -X-

            Perhaps I wasn’t clear. My point in bringing in the legal issues is to highlight that passwords are not the same as physical objects. And good IT and managerial systems should recognize that.

            As soon as someone is leaving the organization their account can be frozen or its right removed and the whole question of getting the passwords is moot. Don’t need them. Accounts are locked, shared passwords are changed. That’s not the case for physical objects. We can’t have the spare keys out there with a non-employee.

        5. Jessa

          If there are things that should be documented in case the IT person gets hit by a bus, this stuff should be being documented as it’s being done. That’s only sensible procedure. If you plan in advance there shouldn’t be a lot of “omg we need this done after this person leaves,” because it would have been part of their job description to have done it all along.

          1. Jamie

            I totally agree. A one-person IT department, no matter how good at documenting, won’t be able to get everything.

            But just like I think there are what I call “Oh s**t!” employees – the ones that if they give notice you’re going to kinda freak out over and kick yourself for not being able to keep them…there are “Oh s**t!” processes where if they were wiped out you’d cry if you had to try to remember how to configure from scratch.

            Make sure your “Oh s**t!” stuff is documented, along with 90% of your “Oh crap…” processes and you’ll be okay.

            That’s part of disaster recovery…if you had to start clean with nothing but your software and data how fast and accurately can you get back up.

            Sometimes I think not having a great memory helped me here. From the beginning of my career I didn’t trust myself to remember a config or a fix months or years down the road so I just documented for my own sake. As of last June I was at 2100 pages of stuff I made – not including OEM stuff…it really does come in handy.

            1. Anon ex IT employee

              I love this Jamie. And really, the same thought process would be immensely useful across the entire organization.

  4. perrik

    Consider disabling remote access until you can get the passwords changed. That won’t help with external logins (like the corporate Facebook or LinkedIn accounts), but at least you can block this person from the VPN, webmail, and the like. Also, all IT personnel with root access should immediately change their passwords. It’s possible that the IT Director may know at least one other set of login credentials.

    Someone who reached the level of IT Director would – I hope – be aware of the need to preserve his/her reputation and references, and would act accordingly. But you never know.

  5. Sascha

    Go Jamie! IT person extraordinaire. :) This was very interesting to read, especially as an IT person myself. I’m pretty low on the totem pole, but I do have the responsibility in a couple systems to make sure accounts and access are terminated for people who leave. I’ll keep all these tips in mind. Thanks!

  6. Catbertismyhero

    An additional thought: when any IT person leaves the organization, have everyone in the organization change their passwords. We fired a low-level technician who accessed the network later using someone else’s credentials. He had collected the credentials while fixing problems for individuals.

    1. Anon ex IT employee

      This is so true. Also change testing account passwords. We had at least 10 test accounts to change. Also any customer access passwords, like an FTP site, should be changed. A lot of times IT people help customers with these things and will have set the password to something easy that they would remember. Same with shared logins for Projects Databases, etc.

      1. Yup

        Good call on the testing passwords. Test sites may hold real business data that was transported into the test environment, which could be a concern if it’s customer accounts, financials transactions, employee HR data, etc.

    2. Jessa

      This is one of those awesome ideas I never even thought of, about everyone else’s passwords, being available to IT….

      1. -X-

        In my organization IT doesn’t ask for account passwords and says (and I believe them) they don’t have access to them. They can force a reset, which goes to the account’s email, and I guess they could set things up to forward them a copy of emails. But that’d leave a nice trail of the action and the user would be aware of this as well. I guess they could install key loggers if they wanted…

        As I understand it, most secure systems do not allow IT to access user passwords. They can still get passwords by asking for them (like the tech who Catbert mentioned) but IT where I work pointedly does not do that. That’s good practice.

        1. Natalie

          I’m not sure how big your organization is, but if it’s of any size you’re probably dealing with tier 1 or 2 IT people. The IT Director is going to be a completely different animal, both in allowed access levels and (probably) technical ability to misuse those access levels.

          1. -X-

            The top guy (I sit near him) does not ask for passwords and has said he does not have access to passwords.

            Sure, he could probably figure out a way to work around the managerial and technical obstacles if he was determined to. And he’d get low-level user rights that way. But if he left, I don’t think his successor would believe that every user account needs to reset its password. Every IT admin account sure as heck would be reset, but not basic accounts.

    3. -X-

      Please think about this in terms of scale – what if the organization has 500 employees. 5,000? More?

      1. danr

        The system should be set up to handle ordinary password changes. A good system will require password changes at intervals anyway.

        1. Elizabeth West

          Then ours must be fantastic. I had to change mine the other day and apparently this is frequent. Also, we have to log into EVERYTHING, even if we’re already logged into the network. But it would be nothing for them to just flip the switch, so to speak, and block us if something happened and our permissions would be revoked like that.

        2. -X-

          My comment above was about this suggestion: “An additional thought: when any IT person leaves the organization, have everyone in the organization change their passwords.”

          It’s not appropriate to ask hundreds of people or more to change passwords because an IT person leaves the organization. There’s a mental cost you’re imposing on the staff to do so.

  7. Anon ex IT employee

    Don’t forget purchasing accounts like Staples, Amazon, etc. Ask around in the dept to see what misc websites he may have logins for, as many of them store company credit card information. Also the websites to the corporate credit cards themselves. Another tedious but absolutely necessary step is having the authorized POCs changed with every vendor your company works with. Double and triple check that this gets done because it often takes several calls before the vendor has updated notes in all of their systems. Plus it will be good practice since the replacement will need to be added when they start anyhow. Don’t forget the ones they only need once in awhile, like Iron Mountain or your company’s cell phone vendor.

    1. Jamie

      Good point about POCs – this is why I am a huge advocate of using an admin or administrator “generic” email addy rather than someone’s personal email addy – so when people leave you just transfer the alias addy and don’t have to redo that.

      1. anon-2

        Jamie –

        It might be easier – but having a generic password/id removes all accountability.

        That’s why you establish passwords in the first place. Let me relate a “Dinner Table Story”.

        I once worked in a place that had a “generic ID” – 20 people used the same id to log in. I, and another computer veteran both advised management —

        a) this isn’t a good idea. We have no accountability if there’s an “incident” – either accidental update, or deliberate sabotage.

        b) we countered the argument “but gee whiz, everyone would have to remember their own password and ID” — yes, and if they can’t do that, they’re probably too stupid to work here.

        So they blew us off. Fine.

        Sure enough – one night – we DID have an incident. Everyone wanted to blame a disgruntled, departing employee. Both myself and the other veteran said we could not ascertain WHO had done it.

        “Well don’t you have suspicions?” I might have had one, but there were several people who may have had an incentive for doing this – including those who wanted to castigate the disgruntled departee. And if I were called upon in a deposition to say “who did this?” — I could NOT. Twenty people had access to that ID – twelve of those people were in the building when it happened – and it could be any one of them.

        “I had log data that showed the ID – but I don’t know whose hands were on that keyboard, and NEITHER DO YOU.”

        1. Jamie

          I meant generic as is admin@ chochteapotsinc.com as opposed to someone’s name jkeyboardmonkey@ chochteapotsinc.com.

          It still goes to only one person and is controlled, but if that person leaves the company you reroute the admin email to the new person and change the password.

          I would never advocate sharing an account or logins of any kind for the reasons you mentioned – it’s about the electronic footprint.

          1. anon-2

            I respectfully disagree.

            When admin #1 leaves – let’s call him jamie, admin #2 is “the man” or “the woman”. admin #3 will apparently come in as his/her backup.

            Very easy to identify all parties by name, rather than regurgitating a generic id.

          2. Jessica (the celt)

            I have a similar issue, although it’s not a tech issue. I’ve been asking the school I work at to create generic email addresses for certain offices that are regularly emailed. A couple of those offices have had high turnover, so it would be nice to have one email that can then be forwarded to the current person in that position (e.g., admissions@school.edu or attendance@school.edu). Because they immediately shut off emails of people who leave or who are asked to leave (no forwarding, literally deleting the account), this would help alleviate the issues from parents and students not knowing which person they need to contact at any given time.

  8. cncx

    I do think it would be a rare situation for a fired IT director to just walk out and flip the bird, because like the end of the article said, it is a career ending move.

    The change in personnel is a good chance for non-IT management to get a good authorization concept in place and clean up password management – not just from a succession planning or contingency planning point of view, but also for audit purposes.

    As mentioned in the article, a great policy is to have the non-user-specific “Administrator” passwords locked up somewhere, and then tailor the IT staff’s user accounts with permissions specific to their job descriptions, even if those accounts have domain-level accesses. This also works well for audit purposes due to seeing who did what in the logs, rather than just “Administrator.”

  9. anon-2

    Having worked in data security myself —

    a) there is usually more than ONE person with administrative authority. This is to cover the “hit by a train” situation. Anything else is irresponsible. And exposes you to liability / hurt the business, etc.

    It also covers routine illnesses, vacations, and other absences. Since each admin account is unique – there’s accountability. You know who did what to whatever. You have to have TWO people you can trust. That way the operation goes on if one person’s gone.

    b) If I were about to fire someone – I’d just have the OTHER admin change his password while the person was being fired.

    Did you set things up so only one person has admin authority? Shame on you. There should be no reason to ask “what’s the password”… you have your backup administrator remove the departing guy’s password before he goes out the door.

    Oh, I might add – sharing passwords is a recipe for disaster. It’s not just against best practices — it flies in the face of ANY GOOD practice.
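An added example, not part of anon-2’s post or of anyone else’s in the thread, of the step anon-2 describes: the backup admin disables the departing admin’s named account while the meeting is in progress, and does it from their own named account so the security log records who made the change (the accountability cncx and anon-2 both argue for). It assumes the RSAT ActiveDirectory module, a Windows domain, and that the departing director’s named account is the hypothetical `jdoe`; none of those details come from the thread.

```powershell
# Added example, not from the thread: disable the departing admin's named
# account from the backup admin's own named account, during the meeting.
# Assumptions: RSAT ActiveDirectory module installed; you run this as a named
# Domain Admin (never a shared account); departing account is the hypothetical 'jdoe'.
Import-Module ActiveDirectory

$Departing  = 'jdoe'                                   # assumption: departing admin's named account
$PdcDC      = (Get-ADDomain).PDCEmulator              # make every change on one DC, then push it out
$PrivGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

# 1. Disable first, then scramble the password. The disable blocks new logons
#    immediately; the reset means a later re-enable by mistake does not revive a
#    password the departing admin still knows. Security log: 4725 then 4724.
Disable-ADAccount -Identity $Departing -Server $PdcDC
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$Scrambled = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
Set-ADAccountPassword -Identity $Departing -Server $PdcDC -Reset -NewPassword $Scrambled

# 2. Strip privileged group memberships (4729 for global groups, 4733 for
#    Builtin\Administrators), so the object is an ordinary disabled user if HR
#    ever asks for it to be re-enabled for mailbox access or similar.
Get-ADPrincipalGroupMembership -Identity $Departing -Server $PdcDC |
    Where-Object { $_.Name -in $PrivGroups } |
    ForEach-Object {
        Remove-ADGroupMember -Identity $_.DistinguishedName -Members $Departing -Server $PdcDC -Confirm:$false
    }

# 3. Do not wait for replication: push the object to every other DC now, so a
#    logon attempt against a branch-office DC fails as well.
$UserDN = (Get-ADUser -Identity $Departing -Server $PdcDC).DistinguishedName
Get-ADDomainController -Filter * |
    Where-Object { $_.HostName -ne $PdcDC } |
    ForEach-Object { Sync-ADObject -Object $UserDN -Source $PdcDC -Destination $_.HostName }

# 4. Verify on every DC before the meeting ends: disabled, password just reset,
#    no privileged groups left. Anything other than False / now / 0 needs fixing.
Get-ADDomainController -Filter * | ForEach-Object {
    $u = Get-ADUser -Identity $Departing -Server $_.HostName -Properties Enabled, PasswordLastSet, MemberOf
    [pscustomobject]@{
        DC              = $_.HostName
        Enabled         = $u.Enabled
        PasswordLastSet = $u.PasswordLastSet
        PrivGroupsLeft  = @($u.MemberOf | Where-Object {
                              ((($_ -split ',')[0]) -replace '^CN=') -in $PrivGroups }).Count
    }
} | Format-Table -AutoSize
```

Two caveats a practitioner would want. First, disabling the account stops new logons and the KDC will refuse new service tickets for a disabled account, but service tickets already in hand and existing interactive or RDP sessions keep working until they expire or are logged off, so log the person’s workstation off (or reboot it) and check member servers for their sessions as part of the same checklist. Second, this only covers the named account; any shared credential the person knew (the local Administrator password cncx mentions, a shared Domain Admin account, vendor portals) has to be rotated separately, and the rotation should be done by the same named backup admin so that 4724 events show who did it.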

  10. Mints

    Uh so this is unrelated but I wanted to share on this Jamie post– today my boss asked me to “pretty up a document” and I was just so flabbergasted I wanted to say “Pink font, dotted with flowers and hello kitty border?”

  11. Louis

    There is a difference between an account assigned to you like Bob.Smith@company.com and a generic system account (like the local administrator password on a Windows server)

    For a named password, it’s basically your identity and you shouldn’t have to give the password away… worst case scenario if they need access would be for them to force change your password with another admin account, but then you are “protected” because the password change date/event proves it was no longer your identity.

    For generic system admin password, yes you should pass them up on termination and it’s their business to change it afterward.

    And if the person leaving wants to piss you off, sabotage is not the best way. You better have a list ready of all the passwords you want because he sure won’t give you hints regarding the ones you forgot to ask him for…

    Your best protection is to have another IT admin who knows your systems and whom you trust, and work out the termination scenario with him/her.

  12. Lewis

    Hi Everybody,

    Thanks for your input.

    I’m the reader who submitted the question. Here’s a few moving parts.

    It’s not so much HER personal password. That part is easy. I have the access required to change her password. Three of us in Technology, including the Director, access the singular Domain Admin account. That’s my concern. THAT’s the password I’m needing to change (in the event).

    I AM concerned about immaturity, unprofessionalism and unpredictability in her. As many have said, technical mischief would be professional suicide but she’s the picture of poor HR judgment.

    I’ve identified disparate network / server services that use the Domain Admin credentials. I’ve identified (as of today) all accounts that have VPN privilege. I’m prepared to stop ssh connectivity to our external firewall. I’ve identified external vendors who need to be advised.

    FYI I found several tactics I was looking for in Googling “How to fire network administrator” many of which have been detailed here.

    Glad to have tabled the topic!
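An added example, not from Lewis or any other commenter, for the situation Lewis describes: one shared Domain Admin account that three people and several network and server services all use. Before that password can be changed, everything that logs on with it has to be found and moved to its own service account, otherwise the rotation is what causes the outage. The script inventories the shared account’s dependencies, lists VPN-enabled accounts, and only rotates the password once no service or task still runs as it. It assumes the RSAT ActiveDirectory module, PowerShell remoting to the member servers, that the shared account is the hypothetical `svc-domainadmin`, and that VPN access is granted through the NPS dial-in attribute; all of those are assumptions, not details from Lewis’s post.

```powershell
# Added example, not from the thread. Inventory of where a shared Domain Admin
# credential is used, then rotation once nothing depends on it.
# Assumptions: RSAT ActiveDirectory module; PowerShell remoting (WinRM) to member
# servers; shared account is the hypothetical 'svc-domainadmin'; VPN rights are
# the NPS "Allow dial-in" attribute (yours may be a group on the firewall instead).
Import-Module ActiveDirectory

$Shared  = 'svc-domainadmin'                       # assumption: the shared Domain Admin account
$Domain  = (Get-ADDomain).NetBIOSName
$Servers = (Get-ADComputer -Filter 'OperatingSystem -like "*Server*"').DNSHostName

# Services and tasks record their principal as 'DOMAIN\name', 'name@domain' or 'name'.
$AcctPattern = "^(?:$([regex]::Escape($Domain))\\)?$([regex]::Escape($Shared))(?:@.*)?$"

# 1. Who can use the shared account's privilege level at all (nested groups included).
Write-Host '== Domain Admins, recursive =='
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object SamAccountName, objectClass | Format-Table -AutoSize

# 2. Windows services and scheduled tasks that log on as the shared account.
#    Every one of these breaks the moment the password changes, so each is moved
#    to a dedicated service account (a gMSA where the product supports it) first.
$Findings = foreach ($s in $Servers) {
    try {
        Get-CimInstance -ClassName Win32_Service -ComputerName $s -ErrorAction Stop |
            Where-Object { $_.StartName -match $AcctPattern } |
            ForEach-Object { [pscustomobject]@{ Host = $s; Kind = 'Service'; Name = $_.Name; RunsAs = $_.StartName } }

        Invoke-Command -ComputerName $s -ErrorAction Stop -ArgumentList $AcctPattern -ScriptBlock {
            param($Pattern)
            Get-ScheduledTask | Where-Object { $_.Principal.UserId -match $Pattern } |
                ForEach-Object { [pscustomobject]@{ Host = $env:COMPUTERNAME; Kind = 'Task'
                                                     Name = $_.TaskName; RunsAs = $_.Principal.UserId } }
        }
    } catch {
        # An unreachable server is a finding too: it may still hold a dependency.
        [pscustomobject]@{ Host = $s; Kind = 'Unreachable'; Name = $_.Exception.Message; RunsAs = '' }
    }
}
Write-Host '== Services / tasks running as the shared account =='
$Findings | Format-Table -AutoSize

# 3. Accounts with VPN dial-in permission (Lewis's "all accounts that have VPN
#    privilege"). Assumption: NPS dial-in attribute; adapt if VPN is a group.
Write-Host '== Accounts allowed to dial in =='
Get-ADUser -Filter 'msNPAllowDialin -eq $true' -Properties msNPAllowDialin |
    Select-Object SamAccountName, Enabled | Format-Table -AutoSize

# 4. Rotate only when nothing still runs as the account. Record the new password
#    in the vault *before* setting it, so the company is never in the state where
#    nobody has it, and do the reset from your own named admin account.
$StillUsed = @($Findings | Where-Object { $_.Kind -in 'Service', 'Task', 'Unreachable' })
if ($StillUsed.Count -gt 0) {
    Write-Warning "Shared account still has $($StillUsed.Count) dependency/unreachable finding(s); resolve those first."
} else {
    $New = Read-Host -AsSecureString "New password for $Shared (already stored in the vault)"
    Set-ADAccountPassword -Identity $Shared -Reset -NewPassword $New
    Set-ADUser -Identity $Shared -Description "Rotated $(Get-Date -Format s) by $env:USERNAME"
    Get-ADUser -Identity $Shared -Properties PasswordLastSet | Select-Object SamAccountName, PasswordLastSet
}
```

The rotation itself is the easy part, as Jamie says in the post; the inventory is the work, and it is what turns “three people share Domain Admin” into “three named admin accounts plus one vaulted break-glass credential”. Two things the script does not cover: the non-Windows pieces Lewis lists (ssh to the external firewall, vendor contacts) need their own checklist, and rotating a shared password does nothing about anything a Domain Admin-level holder may already have set up under that account (extra accounts, group changes, service principal names), so a review of recent account creations and privileged-group changes belongs on the same day.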

  13. Thorsten

    I understand the reasons given here about this being unprofessional conduct on the IT director’s part and there is no excuse for it.

    I’m wondering how far you would take this in case the situation is the other way around. Imagine that you’re an IT director in a really small company who gets fired, and the company didn’t think to have anyone in place to take over, nor did they ask to hand over passwords and information for all servers and services in use. They also flubbed the last day – the IT director goes into the office on his last day, thinking he’s going to receive the necessary paperwork, the final paycheck, and hand over the office keys and any other information they need, but neither of the other two employees (the CEO and the COO) shows up. There is no final paycheck as of yet, there was mention of severance pay in the contract that hasn’t been resolved, there were some other outstanding payments, and there is also a previous promise of stock attribution that should have been done but was never finalized. In effect, on everything the company owed the IT director so far, they have not delivered or finalized correctly.

    It would seem to me that the company has handled the termination very stupidly, and that the passwords are the only real leverage the IT director has to make the company live up to its contractual obligations. Would you still argue that it is unethical for the IT director to turn over passwords until the company settles the debts? Is it in fact illegal, or should the company pay at least the salary first?

Comments are closed.