IT reset my password so I can get back in Windows 7, did they see my previous password? [on hold]
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty{ margin-bottom:0;
}
up vote
-5
down vote
favorite
I have a bad habit of worrying a lot but I have a question for all you IT people.
I work in a company that uses Windows 7. I forgot my password or entered in the incorrect one way too many times so I was locked out.
The error was something like the referenced account is locked and cannot be logged on.
I told my manger and he opened a help desk ticket. IT gave me a new password to put in which after I put it in it allowed me to change it to whatever I want.
My concern is, did IT see my password that I had previously? Like what did they do and how?
And will they see what password I change it to after I log in?
And do they ever see any of my passwords?
software-industry
New contributor
put on hold as off-topic by Philip Kendall, jcmack, gnat, Mawg, yoozer8 19 hours ago
- This question does not appear to be about the workplace within the scope defined in the help center.
If this question can be reworded to fit the rules in the help center, please edit the question.
|
show 9 more comments
up vote
-5
down vote
favorite
I have a bad habit of worrying a lot but I have a question for all you IT people.
I work in a company that uses Windows 7. I forgot my password or entered in the incorrect one way too many times so I was locked out.
The error was something like the referenced account is locked and cannot be logged on.
I told my manger and he opened a help desk ticket. IT gave me a new password to put in which after I put it in it allowed me to change it to whatever I want.
My concern is, did IT see my password that I had previously? Like what did they do and how?
And will they see what password I change it to after I log in?
And do they ever see any of my passwords?
software-industry
New contributor
put on hold as off-topic by Philip Kendall, jcmack, gnat, Mawg, yoozer8 19 hours ago
- This question does not appear to be about the workplace within the scope defined in the help center.
If this question can be reworded to fit the rules in the help center, please edit the question.
Just to be safe - regardless of how the system should be, you should not assume for certain that they cannot access your current, present, or future passwords. Good design would mean they can't, but there is plenty of bad design in the world - some due to ineptness, some to malice. If there is some particularly threat you are concerned about (say, that your password is "MyBossSucks"), it would help if you add that to the question so people can try to better address your concerns rather than the pure "is it possible" scenario you have now.
– BrianH
yesterday
Well I was just upset that it got to the point where I had to reach out for IT to reset my password like I tried my best to guess my password then it locked me out and o even waited sometime and tried the password again but it still locked me out so my concern is now that they reset my password like do they know what it was before I and is there any harm in them resetting my password mike are they going to monitor my computer now or like how was the process that they reset m password what did they do?
– Steve P
yesterday
Having worked in IT, at most places resetting a password is incredibly common (perhaps the most common IT task of all), and most places don't make a big deal of it or anything like that. Bigger places develop an automatic system where you can reset it yourself precisely because it is so annoyingly common. If you assume a reasonable, normal, healthy IT system, they just click a few buttons and the system generates a special reset password that requires you manually change it when you next login, no one involves sees any actual passwords, etc. But many companies do log passwords, regardless.
– BrianH
yesterday
3
This question is not about the workplace, it is a technical question. Maybe security.stackexchange.com would be better for this.
– Brandin
yesterday
4
I'm voting to close this question as off-topic because it is an IT / information security question much more than a question about navigating the workplace.
– Philip Kendall
yesterday
|
show 9 more comments
up vote
-5
down vote
favorite
up vote
-5
down vote
favorite
I have a bad habit of worrying a lot but I have a question for all you IT people.
I work in a company that uses Windows 7. I forgot my password or entered in the incorrect one way too many times so I was locked out.
The error was something like the referenced account is locked and cannot be logged on.
I told my manger and he opened a help desk ticket. IT gave me a new password to put in which after I put it in it allowed me to change it to whatever I want.
My concern is, did IT see my password that I had previously? Like what did they do and how?
And will they see what password I change it to after I log in?
And do they ever see any of my passwords?
software-industry
New contributor
I have a bad habit of worrying a lot but I have a question for all you IT people.
I work in a company that uses Windows 7. I forgot my password or entered in the incorrect one way too many times so I was locked out.
The error was something like the referenced account is locked and cannot be logged on.
I told my manger and he opened a help desk ticket. IT gave me a new password to put in which after I put it in it allowed me to change it to whatever I want.
My concern is, did IT see my password that I had previously? Like what did they do and how?
And will they see what password I change it to after I log in?
And do they ever see any of my passwords?
software-industry
software-industry
New contributor
New contributor
edited yesterday
BSMP
3,5141327
3,5141327
New contributor
asked yesterday
Steve P
41
41
New contributor
New contributor
put on hold as off-topic by Philip Kendall, jcmack, gnat, Mawg, yoozer8 19 hours ago
- This question does not appear to be about the workplace within the scope defined in the help center.
If this question can be reworded to fit the rules in the help center, please edit the question.
put on hold as off-topic by Philip Kendall, jcmack, gnat, Mawg, yoozer8 19 hours ago
- This question does not appear to be about the workplace within the scope defined in the help center.
If this question can be reworded to fit the rules in the help center, please edit the question.
Just to be safe - regardless of how the system should be, you should not assume for certain that they cannot access your current, present, or future passwords. Good design would mean they can't, but there is plenty of bad design in the world - some due to ineptness, some to malice. If there is some particularly threat you are concerned about (say, that your password is "MyBossSucks"), it would help if you add that to the question so people can try to better address your concerns rather than the pure "is it possible" scenario you have now.
– BrianH
yesterday
Well I was just upset that it got to the point where I had to reach out for IT to reset my password like I tried my best to guess my password then it locked me out and o even waited sometime and tried the password again but it still locked me out so my concern is now that they reset my password like do they know what it was before I and is there any harm in them resetting my password mike are they going to monitor my computer now or like how was the process that they reset m password what did they do?
– Steve P
yesterday
Having worked in IT, at most places resetting a password is incredibly common (perhaps the most common IT task of all), and most places don't make a big deal of it or anything like that. Bigger places develop an automatic system where you can reset it yourself precisely because it is so annoyingly common. If you assume a reasonable, normal, healthy IT system, they just click a few buttons and the system generates a special reset password that requires you manually change it when you next login, no one involves sees any actual passwords, etc. But many companies do log passwords, regardless.
– BrianH
yesterday
3
This question is not about the workplace, it is a technical question. Maybe security.stackexchange.com would be better for this.
– Brandin
yesterday
4
I'm voting to close this question as off-topic because it is an IT / information security question much more than a question about navigating the workplace.
– Philip Kendall
yesterday
|
show 9 more comments
Just to be safe - regardless of how the system should be, you should not assume for certain that they cannot access your current, present, or future passwords. Good design would mean they can't, but there is plenty of bad design in the world - some due to ineptness, some to malice. If there is some particularly threat you are concerned about (say, that your password is "MyBossSucks"), it would help if you add that to the question so people can try to better address your concerns rather than the pure "is it possible" scenario you have now.
– BrianH
yesterday
Well I was just upset that it got to the point where I had to reach out for IT to reset my password like I tried my best to guess my password then it locked me out and o even waited sometime and tried the password again but it still locked me out so my concern is now that they reset my password like do they know what it was before I and is there any harm in them resetting my password mike are they going to monitor my computer now or like how was the process that they reset m password what did they do?
– Steve P
yesterday
Having worked in IT, at most places resetting a password is incredibly common (perhaps the most common IT task of all), and most places don't make a big deal of it or anything like that. Bigger places develop an automatic system where you can reset it yourself precisely because it is so annoyingly common. If you assume a reasonable, normal, healthy IT system, they just click a few buttons and the system generates a special reset password that requires you manually change it when you next login, no one involves sees any actual passwords, etc. But many companies do log passwords, regardless.
– BrianH
yesterday
3
This question is not about the workplace, it is a technical question. Maybe security.stackexchange.com would be better for this.
– Brandin
yesterday
4
I'm voting to close this question as off-topic because it is an IT / information security question much more than a question about navigating the workplace.
– Philip Kendall
yesterday
Just to be safe - regardless of how the system should be, you should not assume for certain that they cannot access your current, present, or future passwords. Good design would mean they can't, but there is plenty of bad design in the world - some due to ineptness, some to malice. If there is some particularly threat you are concerned about (say, that your password is "MyBossSucks"), it would help if you add that to the question so people can try to better address your concerns rather than the pure "is it possible" scenario you have now.
– BrianH
yesterday
Just to be safe - regardless of how the system should be, you should not assume for certain that they cannot access your current, present, or future passwords. Good design would mean they can't, but there is plenty of bad design in the world - some due to ineptness, some to malice. If there is some particularly threat you are concerned about (say, that your password is "MyBossSucks"), it would help if you add that to the question so people can try to better address your concerns rather than the pure "is it possible" scenario you have now.
– BrianH
yesterday
Well I was just upset that it got to the point where I had to reach out for IT to reset my password like I tried my best to guess my password then it locked me out and o even waited sometime and tried the password again but it still locked me out so my concern is now that they reset my password like do they know what it was before I and is there any harm in them resetting my password mike are they going to monitor my computer now or like how was the process that they reset m password what did they do?
– Steve P
yesterday
Well I was just upset that it got to the point where I had to reach out for IT to reset my password like I tried my best to guess my password then it locked me out and o even waited sometime and tried the password again but it still locked me out so my concern is now that they reset my password like do they know what it was before I and is there any harm in them resetting my password mike are they going to monitor my computer now or like how was the process that they reset m password what did they do?
– Steve P
yesterday
Having worked in IT, at most places resetting a password is incredibly common (perhaps the most common IT task of all), and most places don't make a big deal of it or anything like that. Bigger places develop an automatic system where you can reset it yourself precisely because it is so annoyingly common. If you assume a reasonable, normal, healthy IT system, they just click a few buttons and the system generates a special reset password that requires you manually change it when you next login, no one involves sees any actual passwords, etc. But many companies do log passwords, regardless.
– BrianH
yesterday
Having worked in IT, at most places resetting a password is incredibly common (perhaps the most common IT task of all), and most places don't make a big deal of it or anything like that. Bigger places develop an automatic system where you can reset it yourself precisely because it is so annoyingly common. If you assume a reasonable, normal, healthy IT system, they just click a few buttons and the system generates a special reset password that requires you manually change it when you next login, no one involves sees any actual passwords, etc. But many companies do log passwords, regardless.
– BrianH
yesterday
3
3
This question is not about the workplace, it is a technical question. Maybe security.stackexchange.com would be better for this.
– Brandin
yesterday
This question is not about the workplace, it is a technical question. Maybe security.stackexchange.com would be better for this.
– Brandin
yesterday
4
4
I'm voting to close this question as off-topic because it is an IT / information security question much more than a question about navigating the workplace.
– Philip Kendall
yesterday
I'm voting to close this question as off-topic because it is an IT / information security question much more than a question about navigating the workplace.
– Philip Kendall
yesterday
|
show 9 more comments
4 Answers
4
active
oldest
votes
up vote
3
down vote
Windows does not store your password. What it stores is a cryptographically-strong hash of your password. When you enter your password to log in, Windows computes the hash of the password you entered and compares it to the stored hash.
Hashes are designed so that they cannot be reverse-engineered. You can't get back the original password from a hash.
This form of hashing is required for systems to conform to non-repudiation requirements. Non-repudiation is the ability of a system to prove that you are who you say you are, and that you were the one who performed the actions you did on the system while you were logged in. That kind of non-repudiation cannot happen if it is possible for someone else (even an administrator) to retrieve your password.
Not all systems are secured in this way. Poorly designed websites and other applications can store password in a database in the clear, or provide insufficient salting to withstand rainbow attacks.
Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
– Steve P
yesterday
1
You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
– Moo
yesterday
@Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
– Robert Harvey
21 hours ago
add a comment |
up vote
2
down vote
In a modern secure environment a password isn't saved as full password but as a hash which is let's say a weird sequence of numbers that can be used to check if you entered your password but can't be converted back to your actual password.
This means nobody can see the password because it isn't saved anywhere.
And do they ever see any of my passwords?
I assume your Windows environment works like that but I can't be sure and nobody else can be sure either.
That means the answer to this question is: not if every system you use is secure as I described. But nobody here knows what other systems your company uses that requires your password to be saved somewhere and that perhaps doesn't save it in a secure way.
This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
– Moo
yesterday
I think that replacing the default Windows password behaviour would be rather difficult to do
– Mawg
yesterday
add a comment |
up vote
-1
down vote
IT probably didn't know your previous password, and wouldn't really care as they have the ability to reset your password and log in themselves if they had a need.
Don't forget that your work computer and associated Windows profile belongs to your employer, it's not yours. The company is allowed full access over your computer as and when required (which isn't often).
If you have a concern that you have private information on your work computer that your company can access, then the answer to that is simple - don't put private information on your work computer. Assume that your IT department has full access to your computer and the data on it.
If you're concerned that the IT department can see your past and future passwords because they're the same/similar as passwords you use in your private life, then (again), stop doing that. Credentials for your work computer/systems should be completely different to your personal passwords (but you should really be using completely random passwords for everything anyway...)
that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
– jwenting
yesterday
So you suggest change my work system passwords and make them different than my personal ones right?
– Steve P
17 hours ago
It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
– Snow♦
17 hours ago
My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
– Steve P
15 hours ago
Thank you and how long does IT keep a log of it like that they had to reset my password???
– Steve P
9 hours ago
add a comment |
up vote
-1
down vote
If IT is set up in a way that is not criminally insecure, there is no way anybody can read your password. However, if your IT is indeed run in an awfully insecure way, then they could read everybody’s password at any time. So whatever it is, the password reset makes no difference.
How about applications you use in the computers like adp and stuff can theysee that password?
– Steve P
17 hours ago
Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
– Steve P
15 hours ago
add a comment |
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
3
down vote
Windows does not store your password. What it stores is a cryptographically-strong hash of your password. When you enter your password to log in, Windows computes the hash of the password you entered and compares it to the stored hash.
Hashes are designed so that they cannot be reverse-engineered. You can't get back the original password from a hash.
This form of hashing is required for systems to conform to non-repudiation requirements. Non-repudiation is the ability of a system to prove that you are who you say you are, and that you were the one who performed the actions you did on the system while you were logged in. That kind of non-repudiation cannot happen if it is possible for someone else (even an administrator) to retrieve your password.
Not all systems are secured in this way. Poorly designed websites and other applications can store password in a database in the clear, or provide insufficient salting to withstand rainbow attacks.
Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
– Steve P
yesterday
1
You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
– Moo
yesterday
@Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
– Robert Harvey
21 hours ago
add a comment |
up vote
3
down vote
Windows does not store your password. What it stores is a cryptographically-strong hash of your password. When you enter your password to log in, Windows computes the hash of the password you entered and compares it to the stored hash.
Hashes are designed so that they cannot be reverse-engineered. You can't get back the original password from a hash.
This form of hashing is required for systems to conform to non-repudiation requirements. Non-repudiation is the ability of a system to prove that you are who you say you are, and that you were the one who performed the actions you did on the system while you were logged in. That kind of non-repudiation cannot happen if it is possible for someone else (even an administrator) to retrieve your password.
Not all systems are secured in this way. Poorly designed websites and other applications can store password in a database in the clear, or provide insufficient salting to withstand rainbow attacks.
Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
– Steve P
yesterday
1
You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
– Moo
yesterday
@Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
– Robert Harvey
21 hours ago
add a comment |
up vote
3
down vote
up vote
3
down vote
Windows does not store your password. What it stores is a cryptographically-strong hash of your password. When you enter your password to log in, Windows computes the hash of the password you entered and compares it to the stored hash.
Hashes are designed so that they cannot be reverse-engineered. You can't get back the original password from a hash.
This form of hashing is required for systems to conform to non-repudiation requirements. Non-repudiation is the ability of a system to prove that you are who you say you are, and that you were the one who performed the actions you did on the system while you were logged in. That kind of non-repudiation cannot happen if it is possible for someone else (even an administrator) to retrieve your password.
Not all systems are secured in this way. Poorly designed websites and other applications can store password in a database in the clear, or provide insufficient salting to withstand rainbow attacks.
Windows does not store your password. What it stores is a cryptographically-strong hash of your password. When you enter your password to log in, Windows computes the hash of the password you entered and compares it to the stored hash.
Hashes are designed so that they cannot be reverse-engineered. You can't get back the original password from a hash.
This form of hashing is required for systems to conform to non-repudiation requirements. Non-repudiation is the ability of a system to prove that you are who you say you are, and that you were the one who performed the actions you did on the system while you were logged in. That kind of non-repudiation cannot happen if it is possible for someone else (even an administrator) to retrieve your password.
Not all systems are secured in this way. Poorly designed websites and other applications can store password in a database in the clear, or provide insufficient salting to withstand rainbow attacks.
edited yesterday
answered yesterday
Robert Harvey
2,60821326
2,60821326
Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
– Steve P
yesterday
1
You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
– Moo
yesterday
@Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
– Robert Harvey
21 hours ago
add a comment |
Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
– Steve P
yesterday
1
You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
– Moo
yesterday
@Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
– Robert Harvey
21 hours ago
Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
– Steve P
yesterday
Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
– Steve P
yesterday
1
1
You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
– Moo
yesterday
You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
– Moo
yesterday
@Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
– Robert Harvey
21 hours ago
@Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
– Robert Harvey
21 hours ago
add a comment |
up vote
2
down vote
In a modern secure environment a password isn't saved as full password but as a hash which is let's say a weird sequence of numbers that can be used to check if you entered your password but can't be converted back to your actual password.
This means nobody can see the password because it isn't saved anywhere.
And do they ever see any of my passwords?
I assume your Windows environment works like that but I can't be sure and nobody else can be sure either.
That means the answer to this question is: not if every system you use is secure as I described. But nobody here knows what other systems your company uses that requires your password to be saved somewhere and that perhaps doesn't save it in a secure way.
This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
– Moo
yesterday
I think that replacing the default Windows password behaviour would be rather difficult to do
– Mawg
yesterday
add a comment |
up vote
2
down vote
In a modern secure environment a password isn't saved as full password but as a hash which is let's say a weird sequence of numbers that can be used to check if you entered your password but can't be converted back to your actual password.
This means nobody can see the password because it isn't saved anywhere.
And do they ever see any of my passwords?
I assume your Windows environment works like that but I can't be sure and nobody else can be sure either.
That means the answer to this question is: not if every system you use is secure as I described. But nobody here knows what other systems your company uses that requires your password to be saved somewhere and that perhaps doesn't save it in a secure way.
This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
– Moo
yesterday
I think that replacing the default Windows password behaviour would be rather difficult to do
– Mawg
yesterday
add a comment |
up vote
2
down vote
up vote
2
down vote
In a modern secure environment a password isn't saved as full password but as a hash which is let's say a weird sequence of numbers that can be used to check if you entered your password but can't be converted back to your actual password.
This means nobody can see the password because it isn't saved anywhere.
And do they ever see any of my passwords?
I assume your Windows environment works like that but I can't be sure and nobody else can be sure either.
That means the answer to this question is: not if every system you use is secure as I described. But nobody here knows what other systems your company uses that requires your password to be saved somewhere and that perhaps doesn't save it in a secure way.
In a modern secure environment a password isn't saved as full password but as a hash which is let's say a weird sequence of numbers that can be used to check if you entered your password but can't be converted back to your actual password.
This means nobody can see the password because it isn't saved anywhere.
And do they ever see any of my passwords?
I assume your Windows environment works like that but I can't be sure and nobody else can be sure either.
That means the answer to this question is: not if every system you use is secure as I described. But nobody here knows what other systems your company uses that requires your password to be saved somewhere and that perhaps doesn't save it in a secure way.
answered yesterday
puck
1,191110
1,191110
This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
– Moo
yesterday
I think that replacing the default Windows password behaviour would be rather difficult to do
– Mawg
yesterday
add a comment |
This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
– Moo
yesterday
I think that replacing the default Windows password behaviour would be rather difficult to do
– Mawg
yesterday
This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
– Moo
yesterday
This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
– Moo
yesterday
I think that replacing the default Windows password behaviour would be rather difficult to do
– Mawg
yesterday
I think that replacing the default Windows password behaviour would be rather difficult to do
– Mawg
yesterday
add a comment |
up vote
-1
down vote
IT probably didn't know your previous password, and wouldn't really care as they have the ability to reset your password and log in themselves if they had a need.
Don't forget that your work computer and associated Windows profile belongs to your employer, it's not yours. The company is allowed full access over your computer as and when required (which isn't often).
If you have a concern that you have private information on your work computer that your company can access, then the answer to that is simple - don't put private information on your work computer. Assume that your IT department has full access to your computer and the data on it.
If you're concerned that the IT department can see your past and future passwords because they're the same/similar as passwords you use in your private life, then (again), stop doing that. Credentials for your work computer/systems should be completely different to your personal passwords (but you should really be using completely random passwords for everything anyway...)
that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
– jwenting
yesterday
So you suggest change my work system passwords and make them different than my personal ones right?
– Steve P
17 hours ago
It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
– Snow♦
17 hours ago
My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
– Steve P
15 hours ago
Thank you and how long does IT keep a log of it like that they had to reset my password???
– Steve P
9 hours ago
add a comment |
up vote
-1
down vote
IT probably didn't know your previous password, and wouldn't really care as they have the ability to reset your password and log in themselves if they had a need.
Don't forget that your work computer and associated Windows profile belongs to your employer, it's not yours. The company is allowed full access over your computer as and when required (which isn't often).
If you have a concern that you have private information on your work computer that your company can access, then the answer to that is simple - don't put private information on your work computer. Assume that your IT department has full access to your computer and the data on it.
If you're concerned that the IT department can see your past and future passwords because they're the same/similar as passwords you use in your private life, then (again), stop doing that. Credentials for your work computer/systems should be completely different to your personal passwords (but you should really be using completely random passwords for everything anyway...)
that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
– jwenting
yesterday
So you suggest change my work system passwords and make them different than my personal ones right?
– Steve P
17 hours ago
It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
– Snow♦
17 hours ago
My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
– Steve P
15 hours ago
Thank you and how long does IT keep a log of it like that they had to reset my password???
– Steve P
9 hours ago
add a comment |
up vote
-1
down vote
up vote
-1
down vote
IT probably didn't know your previous password, and wouldn't really care as they have the ability to reset your password and log in themselves if they had a need.
Don't forget that your work computer and associated Windows profile belongs to your employer, it's not yours. The company is allowed full access over your computer as and when required (which isn't often).
If you have a concern that you have private information on your work computer that your company can access, then the answer to that is simple - don't put private information on your work computer. Assume that your IT department has full access to your computer and the data on it.
If you're concerned that the IT department can see your past and future passwords because they're the same/similar as passwords you use in your private life, then (again), stop doing that. Credentials for your work computer/systems should be completely different to your personal passwords (but you should really be using completely random passwords for everything anyway...)
IT probably didn't know your previous password, and wouldn't really care as they have the ability to reset your password and log in themselves if they had a need.
Don't forget that your work computer and associated Windows profile belongs to your employer, it's not yours. The company is allowed full access over your computer as and when required (which isn't often).
If you have a concern that you have private information on your work computer that your company can access, then the answer to that is simple - don't put private information on your work computer. Assume that your IT department has full access to your computer and the data on it.
If you're concerned that the IT department can see your past and future passwords because they're the same/similar as passwords you use in your private life, then (again), stop doing that. Credentials for your work computer/systems should be completely different to your personal passwords (but you should really be using completely random passwords for everything anyway...)
answered yesterday
Snow♦
56.2k48182227
56.2k48182227
that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
– jwenting
yesterday
So you suggest change my work system passwords and make them different than my personal ones right?
– Steve P
17 hours ago
It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
– Snow♦
17 hours ago
My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
– Steve P
15 hours ago
Thank you and how long does IT keep a log of it like that they had to reset my password???
– Steve P
9 hours ago
add a comment |
that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
– jwenting
yesterday
So you suggest change my work system passwords and make them different than my personal ones right?
– Steve P
17 hours ago
It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
– Snow♦
17 hours ago
My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
– Steve P
15 hours ago
Thank you and how long does IT keep a log of it like that they had to reset my password???
– Steve P
9 hours ago
that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
– jwenting
yesterday
that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
– jwenting
yesterday
So you suggest change my work system passwords and make them different than my personal ones right?
– Steve P
17 hours ago
So you suggest change my work system passwords and make them different than my personal ones right?
– Steve P
17 hours ago
It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
– Snow♦
17 hours ago
It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
– Snow♦
17 hours ago
My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
– Steve P
15 hours ago
My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
– Steve P
15 hours ago
Thank you and how long does IT keep a log of it like that they had to reset my password???
– Steve P
9 hours ago
Thank you and how long does IT keep a log of it like that they had to reset my password???
– Steve P
9 hours ago
add a comment |
up vote
-1
down vote
If IT is set up in a way that is not criminally insecure, there is no way anybody can read your password. However, if your IT is indeed run in an awfully insecure way, then they could read everybody’s password at any time. So whatever it is, the password reset makes no difference.
How about applications you use in the computers like adp and stuff can theysee that password?
– Steve P
17 hours ago
Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
– Steve P
15 hours ago
add a comment |
up vote
-1
down vote
If IT is set up in a way that is not criminally insecure, there is no way anybody can read your password. However, if your IT is indeed run in an awfully insecure way, then they could read everybody’s password at any time. So whatever it is, the password reset makes no difference.
How about applications you use in the computers like adp and stuff can theysee that password?
– Steve P
17 hours ago
Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
– Steve P
15 hours ago
add a comment |
up vote
-1
down vote
up vote
-1
down vote
If IT is set up in a way that is not criminally insecure, there is no way anybody can read your password. However, if your IT is indeed run in an awfully insecure way, then they could read everybody’s password at any time. So whatever it is, the password reset makes no difference.
If IT is set up in a way that is not criminally insecure, there is no way anybody can read your password. However, if your IT is indeed run in an awfully insecure way, then they could read everybody’s password at any time. So whatever it is, the password reset makes no difference.
answered yesterday
gnasher729
78.6k34143248
78.6k34143248
How about applications you use in the computers like adp and stuff can theysee that password?
– Steve P
17 hours ago
Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
– Steve P
15 hours ago
add a comment |
How about applications you use in the computers like adp and stuff can theysee that password?
– Steve P
17 hours ago
Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
– Steve P
15 hours ago
How about applications you use in the computers like adp and stuff can theysee that password?
– Steve P
17 hours ago
How about applications you use in the computers like adp and stuff can theysee that password?
– Steve P
17 hours ago
Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
– Steve P
15 hours ago
Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
– Steve P
15 hours ago
add a comment |
Just to be safe - regardless of how the system should be, you should not assume for certain that they cannot access your current, present, or future passwords. Good design would mean they can't, but there is plenty of bad design in the world - some due to ineptness, some to malice. If there is some particularly threat you are concerned about (say, that your password is "MyBossSucks"), it would help if you add that to the question so people can try to better address your concerns rather than the pure "is it possible" scenario you have now.
– BrianH
yesterday
Well I was just upset that it got to the point where I had to reach out for IT to reset my password like I tried my best to guess my password then it locked me out and o even waited sometime and tried the password again but it still locked me out so my concern is now that they reset my password like do they know what it was before I and is there any harm in them resetting my password mike are they going to monitor my computer now or like how was the process that they reset m password what did they do?
– Steve P
yesterday
Having worked in IT, at most places resetting a password is incredibly common (perhaps the most common IT task of all), and most places don't make a big deal of it or anything like that. Bigger places develop an automatic system where you can reset it yourself precisely because it is so annoyingly common. If you assume a reasonable, normal, healthy IT system, they just click a few buttons and the system generates a special reset password that requires you manually change it when you next login, no one involves sees any actual passwords, etc. But many companies do log passwords, regardless.
– BrianH
yesterday
3
This question is not about the workplace, it is a technical question. Maybe security.stackexchange.com would be better for this.
– Brandin
yesterday
4
I'm voting to close this question as off-topic because it is an IT / information security question much more than a question about navigating the workplace.
– Philip Kendall
yesterday