My ex-coworker wants to know my Bitlocker password












62














I worked for X company as an applications developer and one of my former coworkers (not my supervisor or an IT person) asked me for my BitLocker password. I left the company 2 weeks ago for a new job. I cleaned my computer, but I didn't clean my network folder. I don't have anything to hide (illegal or other non-work-related documents), but I don't want my coworkers accessing my data. Also, I might have SSN or other Personal Identification information in there (for the on-boarding process etc).



Is this coworker out of place asking for that information? How can I professionally decline his request?



PS. This question is not a duplicate, because it's not my former boss that is requesting the password. It is a coworker and I don't have knowledge of that being done for a previous employee that left the company. In fact none of my coworkers were allowed to keep this ex-employee's laptop around 'just in case I need his data'. That computer was formatted right away when he left the company.



Resolution



I told him that:




  1. I had wiped out my data, because of personal information, but that I had transferred important folders and files to team/shared drive.


  2. I told him that another coworker knew which files those were and where those files were located on the shared drive.


  3. I told him that I couldn't share my password because I used it in other accounts.


  4. Asked him if he needed something specific and offered to go to the office and type in the password directly into the computer.



His response:



"We just needed to send the licenses for ReSharper and RedGate back to the license server so that they could be reassigned."



My opinion: there aren't new developers since the hiring process takes ages. No one needs those licenses AFAIK. I honestly don't know why IT didn't contact me officially...



He dropped the issue.






























  • 202




    "Sorry, I forgot it"
    – alroc
    Jun 8 '17 at 12:22










  • Comments are not for extended discussion; this conversation has been moved to chat.
    – Jane S
    Jun 10 '17 at 11:15






  • 1




    It seems unlikely that an administrator can't void the licenses in the license server.
    – Caleb
    Jun 11 '17 at 15:58










  • Possible duplicate of Do I have to relinquish my PC password to my former boss?
    – Masked Man
    Jun 14 '17 at 9:50










  • @MaskedMan. There's a difference between a former boss, and a former coworker. Also, it is not the PC password, but the Bitlocker password.
    – Code Hierarchy
    Jun 15 '17 at 12:42





































software-industry coworker privacy














edited Jun 9 '17 at 19:28









Nathan L











asked Jun 8 '17 at 12:16









Code Hierarchy



















7 Answers


















43














This answer is from the perspective of someone who manages information security.



You mentioned (case 1) a "Bitlocker password" so this is either the boot password for your PC, or a Bitlocker encrypted USB drive.



Then you mention (case 2) that you did not clear your "network folder" - which I assume to be a CIFS (SMB, windows) share. It cannot be encrypted with Bitlocker.



Case 1: if Bitlocker was set up with some forward thinking, the recovery key will be on Active Directory. If it is not then bad luck, they hopefully have backups. If they do not then bad-bad luck -- but in any case you should never provide your password because in that case it is YOU logging in and not someone else.



If you have some extraordinary incentives to help to recover data from this PC, you can offer to do that, provided that a clear written log of actions is maintained, and that the whole activity is generally agreed upon in writing. You come in, you unlock your computer, you copy what is required and then you lock it back.



If you do not have these incentives then you just say that you cannot give your password (which should by the way be in the information security policy, if there is one).



Case 2: data on a network share. If they cannot access them, then something is seriously wrong with the IT of this company. The same incentive-based approach as the previous one is to be used. But again, there is no Bitlocker involved so I believe that this is not the case you mention.

























  • 3




    I used your resolution for Case 1. I wanted to err on the side of being cautious so I referred him to the files I copied to the shared team network drive. However, I offered him to also go to the office to type in the password and offer him help until he completed the 'work'.
    – Code Hierarchy
    Jun 8 '17 at 21:48






  • 2




    I err on the side of being paranoid :) so please try to maintain some kind of written logs (even if these are just emails)
    – WoJ
    Jun 8 '17 at 22:05










  • @CodeHierarchy: You're not "offering him help"; you're protecting yourself.
    – Lightness Races in Orbit
    Jun 9 '17 at 0:02










  • @WoJ it's not necessarily the boot password of the PC. You can bitlocker encrypt fixed hard disks other than the boot disk, or even additional partitions separate from the main one, and use a password that's entered after user has signed into the PC; dependent upon local or group policy settings.
    – schizoid04
    Jun 9 '17 at 0:43












  • @schizoid04: yes absolutely - I was referring to the fact that the encryption is local to his PC (or an attached disk), but not over the network.
    – WoJ
    Jun 9 '17 at 5:19



















82















I cleaned my computer, but I didn't clean my network folder



Is this coworker out of place asking for that information?




They are not out of line for needing to access whatever was left in your network folder. But there's no need to hand over your password to give them what they really need.




How can I professionally decline his request?




No need to lie about it. Just say, "Sorry, but I won't give out a password."



Offer to come to the office (or to remote in), and transfer the contents of the network folder to a shared location. Then delete any remaining (personal) contents and delete the folder, if you have that level of access.



Next time you leave a company, try to remember to transfer all company files, and nuke all personal data before exiting.

























  • 77




    This brings up an important point that everyone should know. Don't keep anything personal on your work computer/network that you would object to them having, in case you have to leave your computer without warning. I worked for a company that was under investigation and suddenly we were told, "everyone back away from their computers immediately and do not touch the keyboards!" It was surreal. Also, you could have the same thing happen if you're suddenly fired (with or without cause, which I've also seen).
    – Chris E
    Jun 8 '17 at 13:47






  • 1




    @ChristopherEstep - Lesson learned. I suspect I might be in a difficult situation if I refuse to give the password since the laptop is a property of the federal government (United States).
    – Code Hierarchy
    Jun 8 '17 at 15:38






  • 11




    sigh @CodeHierarchy that's rather different. maybe edit your question and mention that?
    – Fattie
    Jun 8 '17 at 16:56






  • 2




    the problem is @djsmiley2k, really we simply have no clue of the situation. It's unfortunately totally unclear what the OP locked up or didn't lock up. (indeed, the central news that it's "the feds" has just been revealed.)
    – Fattie
    Jun 8 '17 at 17:24






  • 3




    @PatriciaShanahan Sometimes that's not possible. At my last permanent job, I ended up leaving in a hurry. It wasn't entirely unexpected, so I'd had time to prepare in advance, but I could only do so much. Essentially when I gave notice my boss then threw me out of the office. He wouldn't let me delete remaining personal information and I had to invoke a failsafe: shutting down the computer. Even doing that caused him to attempt to take keyboard and mouse away from me. I did get a call from my coworker a day later asking for the pw. I declined and told him where the data he needed was instead.
    – Draco18s
    Jun 8 '17 at 18:42



















24















How can I professionally decline his request?




I would politely decline their request, for the reasons you stated as part of your question. Another option is to state that you forgot the password/key, as mentioned in the comments.



In the future I recommend deleting any personal or sensitive information from all the company resources (PC, Network Drives, etc) before you leave the company.

























  • 11




    Or better yet, don't keep them on company resources in the first place. usb drives, cloud storage and phones are good alternatives.
    – Chris E
    Jun 8 '17 at 13:52






  • 6




    Most people don't think about it, but your passwords are personal data. Before leaving a company you probably should change your password and give the new one to your supervisor.
    – Nelson
    Jun 8 '17 at 16:22








  • 8




    @Nelson Honestly, if your company has no way to access files on a work computer without their employees' personal passwords, they have bigger issues.
    – JMac
    Jun 8 '17 at 18:40






  • 2




    @JMac: No, they don't, if the hard disk is encrypted, which (as was the point of my comment) it should be. Once the employee has left either the password is changed/revealed (in which case all the data is available by definition and the topic is moot), or the data is erased and the laptop "refurbished" for use by the next employee. In short, in my response to your comment "Honestly, if your company has no way to access files on a work computer without their employees' personal passwords, they have bigger issues", I'm saying "no, the company should actually have no physical way to do this".
    – Lightness Races in Orbit
    Jun 9 '17 at 0:24








  • 4




    @BoundaryImposition Enterprise implementations of full disk encryption typically have (optional) master/recovery key data to allow decryption of disks without the user password, e.g. for Bitlocker. You are completely correct that this has little to do with accounts on the machine since this all happens before the OS is even booted, at least in the case of full disk encryption. The use-case of decrypting drives after an employee has left is explicitly mentioned in the link.
    – Derek Elkins
    Jun 9 '17 at 3:46



















14














Refer them to IT



Sharing passwords is usually a bad idea - and oftentimes a violation of company policy which could get you and/or your former co-worker in trouble.



Tell them - "Ouch, sorry, I don't have it handy at the moment. You should ask IT to get you access to the drive, but all of the files on that drive should be located on the LAN at XYZ anyway. Are you looking for something specific? Maybe I can help you find it."



That protects you and them.



























  • And leave it at that. You don't work there anymore. It's their data anyway. You don't owe anybody anything, not an excuse, an explanation, certainly not a lie.
    – quadruplebucky
    Jun 11 '17 at 13:07



















7















Is this coworker out of place asking for that information?




Yes.




How can I professionally decline his request?




"How are you, I don't have access to that any more. Anything else I can help with? Hope all is well."



Note that you literally "don't have access to it any more".




Is this coworker out of place asking for that information?




As I say "Yes", but... It's possible the person needed something specific ("that old license key we can never find!"). In that case, your best response remains something like "Sorry, I don't have access to that any more."



Sometimes, "white lies" are the only solution. However, there is often a better way than making a "white lie". If you think about it ... you, truly, do not, in fact, 'have access to it' any more. Totally setting aside technical issues (passwords etc), it's simply not your property, business, affair or issue any more. You literally do not have access to it. Just leave it at that.

























  • 15




    "A fantastic lesson in business" is that it's a bad idea to burn bridges by responding with cryptic seemingly-passive-aggressive answers to simple requests or saying things that will make people think you're lying to them, especially if you want to use those people as references.
    – Dukeling
    Jun 8 '17 at 16:26












  • Federal government enforces good practices and to the surprise of everyone if I asked the IT security people of my department I'm pretty sure they should have asked me to go to the office or to simply reject the request. The feds aren't bad, and contrary to popular belief they protect those employees that want to stand their ground when they believe something is wrong. The office of ethics and bla bla bla gets involved and all that. Thankfully it was an honest mistake on his behalf asking to share a password on an e-mail.
    – Code Hierarchy
    Jun 9 '17 at 11:28






  • 1




    @Fattie. Remember I'm not an employee. I'm an ex-employee; therefore the presumption that now I'm no longer protected is still there. It was a valid question and we had to look for all the angles. In this case it would have been his word against mine.
    – Code Hierarchy
    Jun 9 '17 at 11:59






  • 2




    @Dukeling Another comment that you're right, you don't want to come off as passive aggressive. If the OP has an issue with the white lie of "I've forgotten it" and really wants to double-down on the inappropriateness of the asking, "I can't tell you the password, it is a violation of company policy, and if I violate company policy as a terminated employee, it would certainly look like I was trying to hurt the company out of spite. Now, is there another way I can help you without risking legal action against me for divulging passwords?" And be very careful about the tone when saying it.
    – Edwin Buck
    Jun 12 '17 at 18:53



















4














If they have a legitimate business reason to access some of the data in that Bitlocker (i.e. company-owned data, not your personal info) then you have to be very careful in any refusal to provide the password as depending on your locale it can end up in an absurd legal mess. You really don't want to become the next Terry Childs!





























  • ha! It is with government...
    – Code Hierarchy
    Jun 8 '17 at 14:53










  • Terry Childs changed all passwords to prevent access to city-owned equipment. Definitely not the OP's case.
    – tricasse
    Jun 10 '17 at 22:23



















0














There are some nuances here that I don't think others are considering. First, it sounds like you left the company voluntarily and when you did you failed to remove licenses from your computer and created a burden on your coworkers. Having worked with a number of license management programs in the past I can assure you that checking in the license is the path of least resistance. Adobe, for example, can take an administrator an hour or so to release a license that is locked to particular hardware. Some companies, though rare, actually will not release a license and require a new purchase.



Second, and more important, did the IT department set up bitlocker on your computer? Or did you set it up without the approval of the IT department? These are completely different scenarios. As others have already said, if IT set up bitlocker, direct your former coworker to contact IT. If you set up bitlocker then YOU have made company data unreadable and unrecoverable by your actions.



Your offer to enter the password is an excellent show of good will. Though the easiest path forward may be to remove or change the password in other places and simply e-mail it to your former boss and include that you are concerned about your personal information from the onboarding process being available to former coworkers. In truth, there isn't much difference between typing in the password for a coworker or disclosing it to them for the exposure of SSN or other personal info.



As far as a legal requirement you are in pretty good shape as long as you are willing to expend the time and expense in entering the password and/or removing the encryption. See the Terry Childs case.














John Michael Law is a new contributor to this site.


















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "423"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    noCode: true, onDemand: false,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f92368%2fmy-ex-coworker-wants-to-know-my-bitlocker-password%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown




















    StackExchange.ready(function () {
    $("#show-editor-button input, #show-editor-button button").click(function () {
    var showEditor = function() {
    $("#show-editor-button").hide();
    $("#post-form").removeClass("dno");
    StackExchange.editor.finallyInit();
    };

    var useFancy = $(this).data('confirm-use-fancy');
    if(useFancy == 'True') {
    var popupTitle = $(this).data('confirm-fancy-title');
    var popupBody = $(this).data('confirm-fancy-body');
    var popupAccept = $(this).data('confirm-fancy-accept-button');

    $(this).loadPopup({
    url: '/post/self-answer-popup',
    loaded: function(popup) {
    var pTitle = $(popup).find('h2');
    var pBody = $(popup).find('.popup-body');
    var pSubmit = $(popup).find('.popup-submit');

    pTitle.text(popupTitle);
    pBody.html(popupBody);
    pSubmit.val(popupAccept).click(showEditor);
    }
    })
    } else{
    var confirmText = $(this).data('confirm-text');
    if (confirmText ? confirm(confirmText) : true) {
    showEditor();
    }
    }
    });
    });






    7 Answers
    7






    active

    oldest

    votes








    7 Answers
    7






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    43














    This answer is from the perspective of someone who manages information security.



    You mentionned (case 1) a "Bitlocker password" so this is either the boot password for your PC, or a Bitlocker encrypted USB drive.



    Then you mention (case 2) that you did not clear your "network folder" - which I assume to be a CIFS (SMB, windows) share. It cannot be encrypted with Bitlocker.



    Case 1: if Bitlocker was set up with some forward thinking, the recovery key will be on Active Directory. If it is not then bad luck, they hopefully have backups. If they do no then bad-bad luck -- but in any case you should never provide your password because in that case it is YOU logging in and not someone else.



    If you have some extraordinary incentives to help to recover data from this PC, you can offer to do that, provided that a clear written log of actions is maintained, and that the whole activity is generally agreed upon in writing. You come in, you unlock you computer, you copy what is required and then you lock it back.



    If you do not have these incentives then you just say that you cannot give your password (which should by the way be in the information security policy, if there is one).



    Case 2: data on a network share. If they cannot access them, then something is seriously wrong with the IT of this company. The same incentive-based approach as the previous one is to be used. But again, there is no Bitlocker involved so I believe that this is not the case you mention.






    share|improve this answer



















    • 3




      I used your resolution for Case 1. I wanted to err on the side of being cautious so I referred him to the files I copied to the shared team network drive. However, I offered him to also go to the office to type in the password and offer him help until he completed the 'work'.
      – Code Hierarchy
      Jun 8 '17 at 21:48






    • 2




      I err on the side of being paranoid :) so please try to maintain some kind of written logs (even if these are just emails)
      – WoJ
      Jun 8 '17 at 22:05










    • @CodeHierarchy: You're not "offering him help"; you're protecting yourself.
      – Lightness Races in Orbit
      Jun 9 '17 at 0:02










    • @WoJ it's not necessarily the boot password of the PC. You can bitlocker encrypt fixed hard disks other than the boot disk, or even additional partitions separate from the main one, and use a password that's entered after user has signed into the PC; dependent upon local or group policy settings.
      – schizoid04
      Jun 9 '17 at 0:43












    • @schizoid04: yes absolutely - I was referring to the fact that the encryption is local to his PC (or an attached disk), but not over the network.
      – WoJ
      Jun 9 '17 at 5:19
















    edited Jun 9 '17 at 10:22

























    answered Jun 8 '17 at 18:54









    WoJ
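Case 1 above depends on the recovery key having been escrowed to Active Directory before anyone needs it. As an added example (not part of WoJ's answer), the PowerShell below shows how an administrator could audit that escrow; the function names and the OU are placeholders, and it assumes the RSAT ActiveDirectory module and delegated read access to the recovery objects.

```powershell
# Added example, not from the original answer.
# Assumptions: the search base is a placeholder, the function names are
# hypothetical, and the caller may read msFVE-RecoveryInformation objects.

function Get-BitLockerEscrowReport {
    # Run from an admin workstation with the RSAT ActiveDirectory module.
    param(
        [Parameter(Mandatory)]
        [string]$SearchBase   # e.g. 'OU=Workstations,DC=example,DC=com' (placeholder)
    )

    Import-Module ActiveDirectory -ErrorAction Stop

    foreach ($computer in Get-ADComputer -Filter * -SearchBase $SearchBase) {
        # BitLocker recovery information is stored as child objects of the
        # computer account, one per escrowed recovery password.
        $escrowed = @(Get-ADObject -SearchBase $computer.DistinguishedName `
                                   -SearchScope OneLevel `
                                   -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
                                   -Properties whenCreated)

        $newest = $escrowed |
            Sort-Object whenCreated -Descending |
            Select-Object -First 1

        # Report presence and age only; the recovery password itself is not read.
        [pscustomobject]@{
            Computer     = $computer.Name
            EscrowedKeys = $escrowed.Count
            NewestEscrow = if ($newest) { $newest.whenCreated } else { $null }
        }
    }
}

function Backup-LocalRecoveryPassword {
    # Run elevated on a domain-joined endpoint that the report flagged.
    # Escrows every existing recovery password protector of the volume to AD DS.
    param([string]$MountPoint = 'C:')

    $volume = Get-BitLockerVolume -MountPoint $MountPoint
    $protectors = @($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($protectors.Count -eq 0) {
        Write-Warning "$MountPoint has no recovery password protector to escrow."
        return
    }

    foreach ($protector in $protectors) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint `
                                     -KeyProtectorId $protector.KeyProtectorId |
            Out-Null
    }
}

# On the admin workstation: list machines with no escrowed recovery key, i.e.
# machines where IT would otherwise depend on a user's own password.
Get-BitLockerEscrowReport -SearchBase 'OU=Workstations,DC=example,DC=com' |
    Where-Object { $_.EscrowedKeys -eq 0 } |
    Sort-Object Computer
```

Running the report as part of offboarding, before the account is disabled, leaves time to escrow a missing key while the user can still unlock the volume in person.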














    82















    I cleaned my computer, but I didn't clean my network folder



    Is this coworker out of place asking for that information?




    They are not out of line for needing to access whatever was left in your network folder. But there's no need to hand over your password to give them what they really need.




    How can I professionally decline his request?




    No need to lie about it. Just say, "Sorry, but I won't give out a password."



    Offer to come to the office (or to remote in), and transfer the contents of the network folder to a shared location. Then delete any remaining (personal) contents and delete the folder, if you have that level of access.



    Next time you leave a company, try to remember to transfer all company files, and nuke all personal data before exiting.

























    • 77




      This brings up an important point that everyone should know. Don't keep anything personal on your work computer/network that you would object to them having, in case you have to leave your computer without warning. I worked for a company that was under investigation and suddenly we were told, "everyone back away from their computers immediately and do not touch the keyboards!" It was surreal. Also, you could have the same thing happen if you're suddenly fired (with or without cause, which I've also seen).
      – Chris E
      Jun 8 '17 at 13:47






    • 1




      @ChristopherEstep - Lesson learned. I suspect I might be in a difficult situation if I refuse to give the password since the laptop is a property of the federal government (United States).
      – Code Hierarchy
      Jun 8 '17 at 15:38






    • 11




      sigh @CodeHierarchy that's rather different. Maybe edit your question and mention that?
      – Fattie
      Jun 8 '17 at 16:56






    • 2




      The problem is @djsmiley2k, really we simply have no clue of the situation. It's unfortunately totally unclear what the OP locked up or didn't lock up. (Indeed, the central news that it's "the feds" has just been revealed.)
      – Fattie
      Jun 8 '17 at 17:24






    • 3




      @PatriciaShanahan Sometimes that's not possible. At my last permanent job, I ended up leaving in a hurry. It wasn't entirely unexpected, so I'd had time to prepare in advance, but I could only do so much. Essentially when I gave notice my boss then threw me out of the office. He wouldn't let me delete remaining personal information and I had to invoke a failsafe: shutting down the computer. Even doing that caused him to attempt to take keyboard and mouse away from me. I did get a call from my coworker a day later asking for the pw. I declined and told him where the data he needed was instead.
      – Draco18s
      Jun 8 '17 at 18:42
















    edited Jun 8 '17 at 13:53

























    answered Jun 8 '17 at 13:19









    Joe Strazzere












    24















    How can I professionally decline his request?




    I would politely decline their request, for the reasons you stated as part of your question. Another option is to state that you forgot the password/key, as mentioned in the comments.



    In the future I recommend deleting any personal or sensitive information from all the company resources (PC, Network Drives, etc) before you leave the company.

























    • 11




      Or better yet, don't keep them on company resources in the first place. USB drives, cloud storage and phones are good alternatives.
      – Chris E
      Jun 8 '17 at 13:52






    • 6




      Most people don't think about it, but your passwords are personal data. Before leaving a company you probably should change your password and give the new one to your supervisor.
      – Nelson
      Jun 8 '17 at 16:22








    • 8




      @Nelson Honestly, if your company has no way to access files on a work computer without their employees' personal passwords, they have bigger issues.
      – JMac
      Jun 8 '17 at 18:40






    • 2




      @JMac: No, they don't, if the hard disk is encrypted, which (as was the point of my comment) it should be. Once the employee has left either the password is changed/revealed (in which case all the data is available by definition and the topic is moot), or the data is erased and the laptop "refurbished" for use by the next employee. In short, in my response to your comment "Honestly, if your company has no way to access files on a work computer without their employees' personal passwords, they have bigger issues", I'm saying "no, the company should actually have no physical way to do this".
      – Lightness Races in Orbit
      Jun 9 '17 at 0:24








    • 4




      @BoundaryImposition Enterprise implementations of full disk encryption typically have (optional) master/recovery key data to allow decryption of disks without the user password, e.g. for Bitlocker. You are completely correct that this has little to do with accounts on the machine since this all happens before the OS is even booted, at least in the case of full disk encryption. The use-case of decrypting drives after an employee has left is explicitly mentioned in the link.
      – Derek Elkins
      Jun 9 '17 at 3:46
















    edited Jun 9 '17 at 14:46

























    answered Jun 8 '17 at 12:21









    Mister Positive









    • 11




      Or better yet, don't keep them on company resources in the first place. USB drives, cloud storage and phones are good alternatives.
      – Chris E
      Jun 8 '17 at 13:52






    • 6




      Most people don't think about it, but your passwords are personal data. Before leaving a company you probably should change your password and give the new one to your supervisor.
      – Nelson
      Jun 8 '17 at 16:22








    • 8




      @Nelson Honestly, if your company has no way to access files on a work computer without their employees' personal passwords, they have bigger issues.
      – JMac
      Jun 8 '17 at 18:40






    • 2




      @JMac: No, they don't, if the hard disk is encrypted, which (as was the point of my comment) it should be. Once the employee has left either the password is changed/revealed (in which case all the data is available by definition and the topic is moot), or the data is erased and the laptop "refurbished" for use by the next employee. In short, in my response to your comment "Honestly, if your company has no way to access files on a work computer without their employees' personal passwords, they have bigger issues", I'm saying "no, the company should actually have no physical way to do this".
      – Lightness Races in Orbit
      Jun 9 '17 at 0:24








    • 4




      @BoundaryImposition Enterprise implementations of full disk encryption typically have (optional) master/recovery key data to allow decryption of disks without the user password, e.g. for Bitlocker. You are completely correct that this has little to do with accounts on the machine, since this all happens before the OS is even booted, at least in the case of full disk encryption. The use-case of decrypting drives after an employee has left is explicitly mentioned in the link.
      – Derek Elkins
      Jun 9 '17 at 3:46
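
    The recovery-key arrangement discussed in the comments above, shown as an added example that is not part of the original thread: a PowerShell audit, run elevated on a managed Windows machine, that reports which BitLocker volumes carry a recovery-password protector and can escrow it to AD DS so that decryption never depends on an employee's own password. It assumes a domain-joined machine whose policy permits AD DS backup; the function names and the -Escrow switch are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): audit and escrow BitLocker recovery protectors.
param(
    # Report only by default; pass -Escrow to add and back up recovery passwords.
    [switch]$Escrow
)

function Get-RecoveryEscrowStatus {
    # One row per volume: which key protector types exist, and whether a
    # recovery password (the protector IT can use without the user) is present.
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        [pscustomobject]@{
            MountPoint          = $_.MountPoint
            VolumeStatus        = $_.VolumeStatus
            ProtectionStatus    = $_.ProtectionStatus
            ProtectorTypes      = $types -join ', '
            HasRecoveryPassword = $types -contains 'RecoveryPassword'
        }
    }
}

function Add-EscrowedRecoveryPassword {
    param([Parameter(Mandatory)][string]$MountPoint)

    $recovery = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        # Adds a numerical recovery password alongside the existing protectors;
        # the user's own password or PIN is left untouched.
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector `
            -WarningAction SilentlyContinue | Out-Null
        $recovery = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    }

    foreach ($protector in $recovery) {
        # Stores the recovery information in AD DS (fails if the machine is not
        # domain-joined or policy does not allow the backup).
        Backup-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $protector.KeyProtectorId | Out-Null
        # Emit only the protector ID, never the recovery password itself.
        [pscustomobject]@{ MountPoint = $MountPoint; EscrowedProtectorId = $protector.KeyProtectorId }
    }
}

$report = @(Get-RecoveryEscrowStatus)
$report | Format-Table -AutoSize

# Volumes that are encrypted (or encrypting) but have no recovery password are
# the ones where only the user's secret can unlock the disk.
$atRisk = @($report | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' -and -not $_.HasRecoveryPassword })
if ($atRisk.Count -gt 0) {
    Write-Warning ("No recovery-password protector on: " + ($atRisk.MountPoint -join ', '))
}

if ($Escrow) {
    $report | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' } |
        ForEach-Object { Add-EscrowedRecoveryPassword -MountPoint $_.MountPoint }
}
```

    Running the report before an employee's last day shows whether IT can unlock the disk on its own, which is the situation the commenters argue a company should already be in.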

























    14














    Refer them to IT



    Sharing passwords is usually a bad idea - and oftentimes a violation of company policy which could get you and/or your former co-worker in trouble.



    Tell them - "Ouch, sorry, I don't have it handy at the moment. You should ask IT to get you access to the drive, but all of the files on that drive should be located on the LAN at XYZ anyway. Are you looking for something specific? Maybe I can help you find it."



    That protects you and them.
















    answered Jun 8 '17 at 18:55







    user45269



















    • And leave it at that. You don't work there anymore. It's their data anyway. You don't owe anybody anything, not an excuse, an explanation, certainly not a lie.
      – quadruplebucky
      Jun 11 '17 at 13:07





























    7















    Is this coworker out of place asking for that information?




    Yes.




    How can I professionally decline his request?




    "How are you, I don't have access to that any more. Anything else I can help with? Hope all is well."



    Note that you literally "don't have access to it any more".




    Is this coworker out of place asking for that information?




    As I say "Yes", but... It's possible the person needed something specific ("that old license key we can never find!"). In that case, your best response remains something like "Sorry, I don't have access to that any more."



    Sometimes, "white lies" are the only solution. However, there is often a better way than making a "white lie". If you think about it ... you, truly, do not, in fact, 'have access to it' any more. Totally setting aside technical issues (passwords etc), it's simply not your property, business, affair or issue any more. You literally do not have access to it. Just leave it at that.














    edited Jun 12 '17 at 19:19

























    answered Jun 8 '17 at 13:05









    Fattie









    • 15




      "A fantastic lesson in business" is that it's a bad idea to burn bridges by responding with cryptic seemingly-passive-aggressive answers to simple requests or saying things that will make people think you're lying to them, especially if you want to use those people as references.
      – Dukeling
      Jun 8 '17 at 16:26












    • Federal government enforces good practices and to the surprise of everyone if I asked to the IT security people of my department I'm pretty sure they should have asked me to go to the office or to simply reject the request. The feds aren't bad, and contrary to popular belief they protect those employees that want to stand their ground when they believe something is wrong. The office of ethics and bla bla bla gets involved and all that. Thankfully it was an honest mistake on his part asking to share a password on an e-mail.
      – Code Hierarchy
      Jun 9 '17 at 11:28






    • 1




      @Fattie. Remember I'm not an employee. I'm an ex-employee; therefore the presumption that now I'm no longer protected is still there. It was a valid question and we had to look for all the angles. In this case it would have been his word against mine.
      – Code Hierarchy
      Jun 9 '17 at 11:59






    • 2




      @Dukeling Another comment that you're right, you don't want to come off as passive aggressive. If the OP has an issue with the white lie of "I've forgotten it" and really wants to double-down on the inappropriateness of the asking, "I can't tell you the password, it is a violation of company policy, and if I violate company policy as a terminated employee, it would certainly look like I was trying to hurt the company out of spite. Now, is there another way I can help you without risking legal action against me for divulging passwords?" And be very careful about the tone when saying it.
      – Edwin Buck
      Jun 12 '17 at 18:53

























    4














    If they have a legitimate business reason to access some of the data in that Bitlocker (i.e. company-owned data, not your personal info) then you have to be very careful in any refusal to provide the password as depending on your locale it can end up in an absurd legal mess. You really don't want to become the next Terry Childs!














    edited Jun 8 '17 at 13:48









    Chris E











    answered Jun 8 '17 at 13:19









    motosubatsu













    • ha! It is with government...
      – Code Hierarchy
      Jun 8 '17 at 14:53










    • Terry Childs changed all passwords to prevent access to city-owned equipment. Definitely not the OP's case.
      – tricasse
      Jun 10 '17 at 22:23





























    0














    There are some nuances here that I don't think others are considering. First, it sounds like you left the company voluntarily and when you did you failed to remove licenses from your computer and created a burden on your coworkers. Having worked with a number of license management programs in the past I can assure you that checking in the license is the path of least resistance. Adobe, for example, can take an administrator an hour or so to release a license that is locked to particular hardware. Some companies, though rare, actually will not release a license and require a new purchase.



    Second, and more important, did the IT department set up BitLocker on your computer? Or did you set it up without the approval of the IT department? These are completely different scenarios. As others have already said, if IT set up BitLocker, direct your former coworker to contact IT. If you set up BitLocker then YOU have made company data unreadable and unrecoverable by your actions.



    Your offer to enter the password is an excellent show of good will. Though the easiest path forward may be to remove or change the password in other places and simply e-mail it to your former boss and include that your are concerned about your personal information from the onboarding process being available to former coworkers. In truth, there isn't much difference between typing in the password for a coworker or disclosing it to them for the exposure of SSN or other personal info.



    As far as a legal requirement you are in pretty good shape as long as you are willing to expend the time and expense in entering the password and/or removing the encryption. See the Terry Childs case.















        answered 10 mins ago









        John Michael Law

        11



