kstrauser 16 hours ago

Good grief. This is also part of the reason why I have a pact with my coworkers: if I’m terminated, kill my access immediately and universally, and I’ll do the same for them. I don’t even want to have the ability to look at stuff anymore. Remove any shred of possibility that I could get into shenanigans later.

everforward 15 hours ago

I also follow the closely related addendum: I do not want standing admin access to your system, unless I need it often enough it really impacts my productivity. Doubly so if it's not hooked up to SSO. If the database gets breached, I don't want my name on the list of people who had the admin password.

Most big businesses are good about that, but I've helped a couple family members with their business' WordPress and just have standing access that I really don't want. They don't want to juggle activating/de-activating my account though, so /shrug.

kstrauser 15 hours ago

Same all around for me. I have a couple of longstanding accounts on local businesses I help out, but it’s all via VPNs that send the owner an email when I connect. I also refuse to do any work unless they ask me in writing. Text is OK, and I screenshot it. “Why did you give such-and-such rights to that employee?” “I have it in writing where the owner asked me to, Your Honor.”

This has never come up before, but it’s easy enough to be diligent about it.

Also: I keep a little paper notebook where I log the work I do for everyone, and occasionally have someone else sign and date it. It’s basically a cheap blockchain IRL. “How do you know you did this before you stopped doing work for them?” “Because the owner signed and dated the logbook after I did the work but before they hired the new IT person.”

I’m suuuuuper nitpicky about diligence in all this, for the protection of everyone involved, and especially me.

dsr_ 16 hours ago

That shouldn't require a pact, that should be part of the standard checklist for ending employment. (The list is longer for those who have root, but it should still be a list.)

kstrauser 15 hours ago

For sure, and I’m often the one who makes the list, and one with root. But the big thing is to do it quickly, like within the hour, and diligently. Don’t say, oh, I’ll give him a chance to access his email and download stuff, or whatever. No! Like, cut me off completely right now.

Then, if something breaks down the road, there’s no temptation for them to wonder if I had anything to do with that weird failure.

(And obviously, don’t freaking hack your ex-employers! But also don’t even leave the impression that you could.)

terminalshort 14 hours ago

I agree with the overall point. (And WTH would you ever have things you need to download in your work email?) But there's not an employer I have ever left that I couldn't have done extensive damage to without any permissions at all. Not that I would ever add a felony charge to even the most bitter firing, but I could.

nerdsniper 13 hours ago

> And WTH would you ever have things you need to download in your work email?

Because you got a university email as a student 20-30 years ago back when .edu emails were "for life". Then you started working at the university as a staff-person under the same email. Then 20-30 years later you're leaving, and much of your digital identity is inextricably linked to that old "personal" email.

terminalshort 7 hours ago

There was a time when I could be sympathetic to that, but it's long past.

kstrauser 14 hours ago

I'm sure that's probably true for all of us, to some extent. Things holding me back:

1. It's wrong. That's not how my parents raised me.

2. I value and protect my reputation.

3. I want to be able to have another job in the field without being permanently deny-listed.

4. Prison sounds awful.

vidarh 14 hours ago

Yeah, I usually stress to employers and clients that I want to be cut off quickly, and usually remind them of what they need to lock me out of when I leave.

Even then, I've had clients for whom things have broken come to me in despair hoping I'd kept access. The day one of them for whatever reason decides to suspect that I was the one to break things, I will be very happy to be able to point to consistently having done what I can to ensure I get locked out.

kstrauser 14 hours ago

I've had that, too! Fairly recently, an ex-client who sold their business to someone with a full-time IT staff asked me if I had the password to unlock their NAS. No, I didn't. I turned all those over to the IT staff, strongly recommended that they change them, and deleted my local copies. Sorry, but no, I can't help you with that.

Almondsetat 15 hours ago

This is exactly what all big corporations (rightly) do, and when layoffs come around you see waves of people making sob stories about how nobody told them and suddenly their work laptop stopped working from one minute to the next, or they didn't even let them inside the office because they were terminated during their morning commute.

kstrauser 14 hours ago

Yeah. That’s actually a favor in disguise. Now they can’t accuse you of stealing or destroying stuff on your way out.

BTW, last time I posted stuff like this, someone thought I was treating this like an alibi: “ah ha! Now I can run amok and not get blamed for it!” No. Don’t do that, lest ye end up with a felony and permanent unemployability. I just mean that when things inevitably break due to natural entropy, the first question is often of who had access, and you don’t ever want your name to be on that list.