[REPOST] Our head of IT needed a new password, and an explanation of due process
[REPOST]
I work in a helpdesk hotline for an international company of around 50.000 employees. To understand why I felt such glee when our head of IT called about needing her password reset, I'll have to explain a bit of backstory.
We've been handling the 1st level servicedesk for all sites around the globe, mainly Europe, North America and Singapore for the better part of a decade now. As you can probably imagine, working in a contractor-based helpdesk (meaning we're not part of the actual company but instead are employees of the call center) will involve a lot of sucking up. New tools are introduced for the users to utilise but they're complete shit, borderline useless and lack features the old software had? Suck it up. Process is unclear, nonsensical or just plain dumb? Suck it up, you can give feedback, but we're sure as hell gonna ignore the heck out of it.
So after around 10 years of sucking up and working with what we got, our service department got outsourced to the cheapest competitor available. A real slap in the face against us. No helpdesk is ever perfect (especially since we’re all underpaid unmotivated IT grunts), but we always thrived to meet our targets and get work done. Subsequently, everyone hated the change of IT service providers, except for company treasury. Service quality plummeted, most of our guys lost their jobs and only half a dozen of us still work in our original jobs since the new IT Service is so ludicrously bad, our rampdown has been delayed for close to a year now so at least SOMEONE knows what they're doing and gets shit done in 1st lvl servicedesk.
You can imagine the jaws dropping when the architect for the whole IT restructuring got an award for her work in saving the company money (which they probably lost again due to every OTHER department having significantly more IT related issues that are just not being solved). It was no fancy, well-known award, but it involved red carpet and a gala. For basically ruining IT service.
So this award winning architect of IT-doom calls me this one night, because she's forgotten something basic: changing her password before it had been expired for too long. She is now on an important business trip to oversee the last regions we're servicing being converted to the new service provider. And now she couldn't get any work done, because she couldn't access her laptop.
As I mentioned earlier, the tools and processes we have to use are bonkers. Sometimes you could work around them. But in my case, I was too happy to tell her: "nope, I can not generate a new password for you since you haven't accessed the password self service tool before." Dumbfounded, she replied "What? You can not reset my password, because I have not accessed the password tool previously, which I now can not do because I don't have a valid password to access the tool with?" I smiled to myself as I continued: "Exactly that. Since we've lost our tools to reset passwords manually, the only other alternative is sending an automatically generated email to your manager, who will have to bother resetting the password for you." A realisation struck her then. These managers of hers...are all just one step below the CEO. They're in the executive committee, busy people. And I would need to send them an email, asking them to kindly run after the password reset for her to do her job. All because she ignored her frequent password change prompts. It was glorious. Sure, I still knew a way of resetting the password manually. But I sure as hell wasn't gonna put my ass on the line for that to happen. Wasn't allowed by the process, too. "Isn't there any other person you could send this mail to?", she asked. And I confirmed, sure, I could, to the manager one step above that. Which would mean the CEO himself.
She was not amused.
She refrained from threats, but when customers ask for your name with clenched teeth, it's usually not because they're smiling so hard. In a frantic tone, she declared all of this process to be nonsense (nonsense we had to work with over the last 7 months, so yeah, no shit) and all but ordered me to send her the password manually to her private phone number. To which I calmly replied, miss, as head of IT and processes, of course you know I'm not allowed to do that. In addition to not having the technical means." The rest of the call was fairly straightforward. She'd promise to send me a mail with an exception authorisation so I could reset the password for her in particular. to which I told her if that's what she intends for us to do: set passwords for anyone claiming to be head of IT and almost threatening me. I mean, I know it was her since I knew her voice as our head of IT's and the phone number matched, but still. After a bit more skirmishing she brought up the "YOU'RE REFUSING TO HELP ME" argument to which I countered the only possible thing left for me to do is open a ticket for the 2nd level and have them figure out a way to get her a simple password. She ended the call angrily soon after.
The ticket about getting her a password is still not resolved by the way. Guess we're not the only department with a grudge against her.
In a frantic tone, she declared all of this process to be nonsense (nonsense we had to work with over the last 7 months, so yeah, no shit) and all but ordered me to send her the password manually to her private phone number.
Execs always want security for everyone else except them.
Sounds pretty fake, she can directly call anyone who reports to her as she manages them, they have the admin privilege to reset passwords for her. I also work in IT.