IT reset my password so I can get back in Windows 7, did they see my previous password? [on hold]





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty{ margin-bottom:0;
}






up vote
-5
down vote

favorite












I have a bad habit of worrying a lot but I have a question for all you IT people.



I work in a company that uses Windows 7. I forgot my password or entered in the incorrect one way too many times so I was locked out.



The error was something like the referenced account is locked and cannot be logged on.



I told my manger and he opened a help desk ticket. IT gave me a new password to put in which after I put it in it allowed me to change it to whatever I want.



My concern is, did IT see my password that I had previously? Like what did they do and how?
And will they see what password I change it to after I log in?



And do they ever see any of my passwords?










share|improve this question









New contributor




Steve P is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











put on hold as off-topic by Philip Kendall, jcmack, gnat, Mawg, yoozer8 19 hours ago



  • This question does not appear to be about the workplace within the scope defined in the help center.

If this question can be reworded to fit the rules in the help center, please edit the question.













  • Just to be safe - regardless of how the system should be, you should not assume for certain that they cannot access your current, present, or future passwords. Good design would mean they can't, but there is plenty of bad design in the world - some due to ineptness, some to malice. If there is some particularly threat you are concerned about (say, that your password is "MyBossSucks"), it would help if you add that to the question so people can try to better address your concerns rather than the pure "is it possible" scenario you have now.
    – BrianH
    yesterday










  • Well I was just upset that it got to the point where I had to reach out for IT to reset my password like I tried my best to guess my password then it locked me out and o even waited sometime and tried the password again but it still locked me out so my concern is now that they reset my password like do they know what it was before I and is there any harm in them resetting my password mike are they going to monitor my computer now or like how was the process that they reset m password what did they do?
    – Steve P
    yesterday










  • Having worked in IT, at most places resetting a password is incredibly common (perhaps the most common IT task of all), and most places don't make a big deal of it or anything like that. Bigger places develop an automatic system where you can reset it yourself precisely because it is so annoyingly common. If you assume a reasonable, normal, healthy IT system, they just click a few buttons and the system generates a special reset password that requires you manually change it when you next login, no one involves sees any actual passwords, etc. But many companies do log passwords, regardless.
    – BrianH
    yesterday






  • 3




    This question is not about the workplace, it is a technical question. Maybe security.stackexchange.com would be better for this.
    – Brandin
    yesterday






  • 4




    I'm voting to close this question as off-topic because it is an IT / information security question much more than a question about navigating the workplace.
    – Philip Kendall
    yesterday

















up vote
-5
down vote

favorite












I have a bad habit of worrying a lot but I have a question for all you IT people.



I work in a company that uses Windows 7. I forgot my password or entered in the incorrect one way too many times so I was locked out.



The error was something like the referenced account is locked and cannot be logged on.



I told my manger and he opened a help desk ticket. IT gave me a new password to put in which after I put it in it allowed me to change it to whatever I want.



My concern is, did IT see my password that I had previously? Like what did they do and how?
And will they see what password I change it to after I log in?



And do they ever see any of my passwords?










share|improve this question









New contributor




Steve P is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











put on hold as off-topic by Philip Kendall, jcmack, gnat, Mawg, yoozer8 19 hours ago



  • This question does not appear to be about the workplace within the scope defined in the help center.

If this question can be reworded to fit the rules in the help center, please edit the question.













  • Just to be safe - regardless of how the system should be, you should not assume for certain that they cannot access your current, present, or future passwords. Good design would mean they can't, but there is plenty of bad design in the world - some due to ineptness, some to malice. If there is some particularly threat you are concerned about (say, that your password is "MyBossSucks"), it would help if you add that to the question so people can try to better address your concerns rather than the pure "is it possible" scenario you have now.
    – BrianH
    yesterday










  • Well I was just upset that it got to the point where I had to reach out for IT to reset my password like I tried my best to guess my password then it locked me out and o even waited sometime and tried the password again but it still locked me out so my concern is now that they reset my password like do they know what it was before I and is there any harm in them resetting my password mike are they going to monitor my computer now or like how was the process that they reset m password what did they do?
    – Steve P
    yesterday










  • Having worked in IT, at most places resetting a password is incredibly common (perhaps the most common IT task of all), and most places don't make a big deal of it or anything like that. Bigger places develop an automatic system where you can reset it yourself precisely because it is so annoyingly common. If you assume a reasonable, normal, healthy IT system, they just click a few buttons and the system generates a special reset password that requires you manually change it when you next login, no one involves sees any actual passwords, etc. But many companies do log passwords, regardless.
    – BrianH
    yesterday






  • 3




    This question is not about the workplace, it is a technical question. Maybe security.stackexchange.com would be better for this.
    – Brandin
    yesterday






  • 4




    I'm voting to close this question as off-topic because it is an IT / information security question much more than a question about navigating the workplace.
    – Philip Kendall
    yesterday













up vote
-5
down vote

favorite









up vote
-5
down vote

favorite











I have a bad habit of worrying a lot but I have a question for all you IT people.



I work in a company that uses Windows 7. I forgot my password or entered in the incorrect one way too many times so I was locked out.



The error was something like the referenced account is locked and cannot be logged on.



I told my manger and he opened a help desk ticket. IT gave me a new password to put in which after I put it in it allowed me to change it to whatever I want.



My concern is, did IT see my password that I had previously? Like what did they do and how?
And will they see what password I change it to after I log in?



And do they ever see any of my passwords?










share|improve this question









New contributor




Steve P is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











I have a bad habit of worrying a lot but I have a question for all you IT people.



I work in a company that uses Windows 7. I forgot my password or entered in the incorrect one way too many times so I was locked out.



The error was something like the referenced account is locked and cannot be logged on.



I told my manger and he opened a help desk ticket. IT gave me a new password to put in which after I put it in it allowed me to change it to whatever I want.



My concern is, did IT see my password that I had previously? Like what did they do and how?
And will they see what password I change it to after I log in?



And do they ever see any of my passwords?







software-industry






share|improve this question









New contributor




Steve P is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Steve P is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited yesterday









BSMP

3,5141327




3,5141327






New contributor




Steve P is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked yesterday









Steve P

41




41




New contributor




Steve P is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Steve P is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Steve P is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




put on hold as off-topic by Philip Kendall, jcmack, gnat, Mawg, yoozer8 19 hours ago



  • This question does not appear to be about the workplace within the scope defined in the help center.

If this question can be reworded to fit the rules in the help center, please edit the question.




put on hold as off-topic by Philip Kendall, jcmack, gnat, Mawg, yoozer8 19 hours ago



  • This question does not appear to be about the workplace within the scope defined in the help center.

If this question can be reworded to fit the rules in the help center, please edit the question.












  • Just to be safe - regardless of how the system should be, you should not assume for certain that they cannot access your current, present, or future passwords. Good design would mean they can't, but there is plenty of bad design in the world - some due to ineptness, some to malice. If there is some particularly threat you are concerned about (say, that your password is "MyBossSucks"), it would help if you add that to the question so people can try to better address your concerns rather than the pure "is it possible" scenario you have now.
    – BrianH
    yesterday










  • Well I was just upset that it got to the point where I had to reach out for IT to reset my password like I tried my best to guess my password then it locked me out and o even waited sometime and tried the password again but it still locked me out so my concern is now that they reset my password like do they know what it was before I and is there any harm in them resetting my password mike are they going to monitor my computer now or like how was the process that they reset m password what did they do?
    – Steve P
    yesterday










  • Having worked in IT, at most places resetting a password is incredibly common (perhaps the most common IT task of all), and most places don't make a big deal of it or anything like that. Bigger places develop an automatic system where you can reset it yourself precisely because it is so annoyingly common. If you assume a reasonable, normal, healthy IT system, they just click a few buttons and the system generates a special reset password that requires you manually change it when you next login, no one involves sees any actual passwords, etc. But many companies do log passwords, regardless.
    – BrianH
    yesterday






  • 3




    This question is not about the workplace, it is a technical question. Maybe security.stackexchange.com would be better for this.
    – Brandin
    yesterday






  • 4




    I'm voting to close this question as off-topic because it is an IT / information security question much more than a question about navigating the workplace.
    – Philip Kendall
    yesterday


















  • Just to be safe - regardless of how the system should be, you should not assume for certain that they cannot access your current, present, or future passwords. Good design would mean they can't, but there is plenty of bad design in the world - some due to ineptness, some to malice. If there is some particularly threat you are concerned about (say, that your password is "MyBossSucks"), it would help if you add that to the question so people can try to better address your concerns rather than the pure "is it possible" scenario you have now.
    – BrianH
    yesterday










  • Well I was just upset that it got to the point where I had to reach out for IT to reset my password like I tried my best to guess my password then it locked me out and o even waited sometime and tried the password again but it still locked me out so my concern is now that they reset my password like do they know what it was before I and is there any harm in them resetting my password mike are they going to monitor my computer now or like how was the process that they reset m password what did they do?
    – Steve P
    yesterday










  • Having worked in IT, at most places resetting a password is incredibly common (perhaps the most common IT task of all), and most places don't make a big deal of it or anything like that. Bigger places develop an automatic system where you can reset it yourself precisely because it is so annoyingly common. If you assume a reasonable, normal, healthy IT system, they just click a few buttons and the system generates a special reset password that requires you manually change it when you next login, no one involves sees any actual passwords, etc. But many companies do log passwords, regardless.
    – BrianH
    yesterday






  • 3




    This question is not about the workplace, it is a technical question. Maybe security.stackexchange.com would be better for this.
    – Brandin
    yesterday






  • 4




    I'm voting to close this question as off-topic because it is an IT / information security question much more than a question about navigating the workplace.
    – Philip Kendall
    yesterday
















Just to be safe - regardless of how the system should be, you should not assume for certain that they cannot access your current, present, or future passwords. Good design would mean they can't, but there is plenty of bad design in the world - some due to ineptness, some to malice. If there is some particularly threat you are concerned about (say, that your password is "MyBossSucks"), it would help if you add that to the question so people can try to better address your concerns rather than the pure "is it possible" scenario you have now.
– BrianH
yesterday




Just to be safe - regardless of how the system should be, you should not assume for certain that they cannot access your current, present, or future passwords. Good design would mean they can't, but there is plenty of bad design in the world - some due to ineptness, some to malice. If there is some particularly threat you are concerned about (say, that your password is "MyBossSucks"), it would help if you add that to the question so people can try to better address your concerns rather than the pure "is it possible" scenario you have now.
– BrianH
yesterday












Well I was just upset that it got to the point where I had to reach out for IT to reset my password like I tried my best to guess my password then it locked me out and o even waited sometime and tried the password again but it still locked me out so my concern is now that they reset my password like do they know what it was before I and is there any harm in them resetting my password mike are they going to monitor my computer now or like how was the process that they reset m password what did they do?
– Steve P
yesterday




Well I was just upset that it got to the point where I had to reach out for IT to reset my password like I tried my best to guess my password then it locked me out and o even waited sometime and tried the password again but it still locked me out so my concern is now that they reset my password like do they know what it was before I and is there any harm in them resetting my password mike are they going to monitor my computer now or like how was the process that they reset m password what did they do?
– Steve P
yesterday












Having worked in IT, at most places resetting a password is incredibly common (perhaps the most common IT task of all), and most places don't make a big deal of it or anything like that. Bigger places develop an automatic system where you can reset it yourself precisely because it is so annoyingly common. If you assume a reasonable, normal, healthy IT system, they just click a few buttons and the system generates a special reset password that requires you manually change it when you next login, no one involves sees any actual passwords, etc. But many companies do log passwords, regardless.
– BrianH
yesterday




Having worked in IT, at most places resetting a password is incredibly common (perhaps the most common IT task of all), and most places don't make a big deal of it or anything like that. Bigger places develop an automatic system where you can reset it yourself precisely because it is so annoyingly common. If you assume a reasonable, normal, healthy IT system, they just click a few buttons and the system generates a special reset password that requires you manually change it when you next login, no one involves sees any actual passwords, etc. But many companies do log passwords, regardless.
– BrianH
yesterday




3




3




This question is not about the workplace, it is a technical question. Maybe security.stackexchange.com would be better for this.
– Brandin
yesterday




This question is not about the workplace, it is a technical question. Maybe security.stackexchange.com would be better for this.
– Brandin
yesterday




4




4




I'm voting to close this question as off-topic because it is an IT / information security question much more than a question about navigating the workplace.
– Philip Kendall
yesterday




I'm voting to close this question as off-topic because it is an IT / information security question much more than a question about navigating the workplace.
– Philip Kendall
yesterday










4 Answers
4






active

oldest

votes

















up vote
3
down vote













Windows does not store your password. What it stores is a cryptographically-strong hash of your password. When you enter your password to log in, Windows computes the hash of the password you entered and compares it to the stored hash.



Hashes are designed so that they cannot be reverse-engineered. You can't get back the original password from a hash.



This form of hashing is required for systems to conform to non-repudiation requirements. Non-repudiation is the ability of a system to prove that you are who you say you are, and that you were the one who performed the actions you did on the system while you were logged in. That kind of non-repudiation cannot happen if it is possible for someone else (even an administrator) to retrieve your password.



Not all systems are secured in this way. Poorly designed websites and other applications can store password in a database in the clear, or provide insufficient salting to withstand rainbow attacks.






share|improve this answer























  • Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
    – Steve P
    yesterday






  • 1




    You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
    – Moo
    yesterday










  • @Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
    – Robert Harvey
    21 hours ago




















up vote
2
down vote













In a modern secure environment a password isn't saved as full password but as a hash which is let's say a weird sequence of numbers that can be used to check if you entered your password but can't be converted back to your actual password.

This means nobody can see the password because it isn't saved anywhere.




And do they ever see any of my passwords?




I assume your Windows environment works like that but I can't be sure and nobody else can be sure either.

That means the answer to this question is: not if every system you use is secure as I described. But nobody here knows what other systems your company uses that requires your password to be saved somewhere and that perhaps doesn't save it in a secure way.






share|improve this answer





















  • This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
    – Moo
    yesterday










  • I think that replacing the default Windows password behaviour would be rather difficult to do
    – Mawg
    yesterday


















up vote
-1
down vote













IT probably didn't know your previous password, and wouldn't really care as they have the ability to reset your password and log in themselves if they had a need.



Don't forget that your work computer and associated Windows profile belongs to your employer, it's not yours. The company is allowed full access over your computer as and when required (which isn't often).



If you have a concern that you have private information on your work computer that your company can access, then the answer to that is simple - don't put private information on your work computer. Assume that your IT department has full access to your computer and the data on it.



If you're concerned that the IT department can see your past and future passwords because they're the same/similar as passwords you use in your private life, then (again), stop doing that. Credentials for your work computer/systems should be completely different to your personal passwords (but you should really be using completely random passwords for everything anyway...)






share|improve this answer





















  • that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
    – jwenting
    yesterday










  • So you suggest change my work system passwords and make them different than my personal ones right?
    – Steve P
    17 hours ago










  • It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
    – Snow
    17 hours ago










  • My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
    – Steve P
    15 hours ago












  • Thank you and how long does IT keep a log of it like that they had to reset my password???
    – Steve P
    9 hours ago


















up vote
-1
down vote













If IT is set up in a way that is not criminally insecure, there is no way anybody can read your password. However, if your IT is indeed run in an awfully insecure way, then they could read everybody’s password at any time. So whatever it is, the password reset makes no difference.






share|improve this answer





















  • How about applications you use in the computers like adp and stuff can theysee that password?
    – Steve P
    17 hours ago










  • Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
    – Steve P
    15 hours ago


















4 Answers
4






active

oldest

votes








4 Answers
4






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
3
down vote













Windows does not store your password. What it stores is a cryptographically-strong hash of your password. When you enter your password to log in, Windows computes the hash of the password you entered and compares it to the stored hash.



Hashes are designed so that they cannot be reverse-engineered. You can't get back the original password from a hash.



This form of hashing is required for systems to conform to non-repudiation requirements. Non-repudiation is the ability of a system to prove that you are who you say you are, and that you were the one who performed the actions you did on the system while you were logged in. That kind of non-repudiation cannot happen if it is possible for someone else (even an administrator) to retrieve your password.



Not all systems are secured in this way. Poorly designed websites and other applications can store password in a database in the clear, or provide insufficient salting to withstand rainbow attacks.






share|improve this answer























  • Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
    – Steve P
    yesterday






  • 1




    You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
    – Moo
    yesterday










  • @Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
    – Robert Harvey
    21 hours ago

















up vote
3
down vote













Windows does not store your password. What it stores is a cryptographically-strong hash of your password. When you enter your password to log in, Windows computes the hash of the password you entered and compares it to the stored hash.



Hashes are designed so that they cannot be reverse-engineered. You can't get back the original password from a hash.



This form of hashing is required for systems to conform to non-repudiation requirements. Non-repudiation is the ability of a system to prove that you are who you say you are, and that you were the one who performed the actions you did on the system while you were logged in. That kind of non-repudiation cannot happen if it is possible for someone else (even an administrator) to retrieve your password.



Not all systems are secured in this way. Poorly designed websites and other applications can store password in a database in the clear, or provide insufficient salting to withstand rainbow attacks.






share|improve this answer























  • Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
    – Steve P
    yesterday






  • 1




    You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
    – Moo
    yesterday










  • @Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
    – Robert Harvey
    21 hours ago















up vote
3
down vote










up vote
3
down vote









Windows does not store your password. What it stores is a cryptographically-strong hash of your password. When you enter your password to log in, Windows computes the hash of the password you entered and compares it to the stored hash.



Hashes are designed so that they cannot be reverse-engineered. You can't get back the original password from a hash.



This form of hashing is required for systems to conform to non-repudiation requirements. Non-repudiation is the ability of a system to prove that you are who you say you are, and that you were the one who performed the actions you did on the system while you were logged in. That kind of non-repudiation cannot happen if it is possible for someone else (even an administrator) to retrieve your password.



Not all systems are secured in this way. Poorly designed websites and other applications can store password in a database in the clear, or provide insufficient salting to withstand rainbow attacks.






share|improve this answer














Windows does not store your password. What it stores is a cryptographically-strong hash of your password. When you enter your password to log in, Windows computes the hash of the password you entered and compares it to the stored hash.



Hashes are designed so that they cannot be reverse-engineered. You can't get back the original password from a hash.



This form of hashing is required for systems to conform to non-repudiation requirements. Non-repudiation is the ability of a system to prove that you are who you say you are, and that you were the one who performed the actions you did on the system while you were logged in. That kind of non-repudiation cannot happen if it is possible for someone else (even an administrator) to retrieve your password.



Not all systems are secured in this way. Poorly designed websites and other applications can store password in a database in the clear, or provide insufficient salting to withstand rainbow attacks.







share|improve this answer














share|improve this answer



share|improve this answer








edited yesterday

























answered yesterday









Robert Harvey

2,60821326




2,60821326












  • Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
    – Steve P
    yesterday






  • 1




    You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
    – Moo
    yesterday










  • @Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
    – Robert Harvey
    21 hours ago




















  • Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
    – Steve P
    yesterday






  • 1




    You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
    – Moo
    yesterday










  • @Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
    – Robert Harvey
    21 hours ago


















Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
– Steve P
yesterday




Thank you guys so when they went to reset my password so I can get in, we’re they able to see my previous one?
– Steve P
yesterday




1




1




You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
– Moo
yesterday




You overlook the fact that the company IT team can tell Windows or Active Directory to do anything they want with the password, including sending it to their own service where they can log it.
– Moo
yesterday












@Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
– Robert Harvey
21 hours ago






@Moo: Naturally, if IT installs keyloggers on every system, then all bets are off. But that's not how Windows is designed out of the box.
– Robert Harvey
21 hours ago














up vote
2
down vote













In a modern secure environment a password isn't saved as full password but as a hash which is let's say a weird sequence of numbers that can be used to check if you entered your password but can't be converted back to your actual password.

This means nobody can see the password because it isn't saved anywhere.




And do they ever see any of my passwords?




I assume your Windows environment works like that but I can't be sure and nobody else can be sure either.

That means the answer to this question is: not if every system you use is secure as I described. But nobody here knows what other systems your company uses that requires your password to be saved somewhere and that perhaps doesn't save it in a secure way.






share|improve this answer





















  • This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
    – Moo
    yesterday










  • I think that replacing the default Windows password behaviour would be rather difficult to do
    – Mawg
    yesterday















up vote
2
down vote













In a modern secure environment a password isn't saved as full password but as a hash which is let's say a weird sequence of numbers that can be used to check if you entered your password but can't be converted back to your actual password.

This means nobody can see the password because it isn't saved anywhere.




And do they ever see any of my passwords?




I assume your Windows environment works like that but I can't be sure and nobody else can be sure either.

That means the answer to this question is: not if every system you use is secure as I described. But nobody here knows what other systems your company uses that requires your password to be saved somewhere and that perhaps doesn't save it in a secure way.






share|improve this answer





















  • This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
    – Moo
    yesterday










  • I think that replacing the default Windows password behaviour would be rather difficult to do
    – Mawg
    yesterday













up vote
2
down vote










up vote
2
down vote









In a modern secure environment a password isn't saved as full password but as a hash which is let's say a weird sequence of numbers that can be used to check if you entered your password but can't be converted back to your actual password.

This means nobody can see the password because it isn't saved anywhere.




And do they ever see any of my passwords?




I assume your Windows environment works like that but I can't be sure and nobody else can be sure either.

That means the answer to this question is: not if every system you use is secure as I described. But nobody here knows what other systems your company uses that requires your password to be saved somewhere and that perhaps doesn't save it in a secure way.






share|improve this answer












In a modern secure environment a password isn't saved as full password but as a hash which is let's say a weird sequence of numbers that can be used to check if you entered your password but can't be converted back to your actual password.

This means nobody can see the password because it isn't saved anywhere.




And do they ever see any of my passwords?




I assume your Windows environment works like that but I can't be sure and nobody else can be sure either.

That means the answer to this question is: not if every system you use is secure as I described. But nobody here knows what other systems your company uses that requires your password to be saved somewhere and that perhaps doesn't save it in a secure way.







share|improve this answer












share|improve this answer



share|improve this answer










answered yesterday









puck

1,191110




1,191110












  • This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
    – Moo
    yesterday










  • I think that replacing the default Windows password behaviour would be rather difficult to do
    – Mawg
    yesterday


















  • This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
    – Moo
    yesterday










  • I think that replacing the default Windows password behaviour would be rather difficult to do
    – Mawg
    yesterday
















This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
– Moo
yesterday




This. At the end of the day, the company controls the computers on their network, they can do anything they want including replacing the default Windows password behaviour. It would be highly unusual, but they could conceivably do it and only their IT could tell you if they indeed have.
– Moo
yesterday












I think that replacing the default Windows password behaviour would be rather difficult to do
– Mawg
yesterday




I think that replacing the default Windows password behaviour would be rather difficult to do
– Mawg
yesterday










up vote
-1
down vote













IT probably didn't know your previous password, and wouldn't really care as they have the ability to reset your password and log in themselves if they had a need.



Don't forget that your work computer and associated Windows profile belongs to your employer, it's not yours. The company is allowed full access over your computer as and when required (which isn't often).



If you have a concern that you have private information on your work computer that your company can access, then the answer to that is simple - don't put private information on your work computer. Assume that your IT department has full access to your computer and the data on it.



If you're concerned that the IT department can see your past and future passwords because they're the same/similar as passwords you use in your private life, then (again), stop doing that. Credentials for your work computer/systems should be completely different to your personal passwords (but you should really be using completely random passwords for everything anyway...)






share|improve this answer





















  • that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
    – jwenting
    yesterday










  • So you suggest change my work system passwords and make them different than my personal ones right?
    – Steve P
    17 hours ago










  • It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
    – Snow
    17 hours ago










  • My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
    – Steve P
    15 hours ago












  • Thank you and how long does IT keep a log of it like that they had to reset my password???
    – Steve P
    9 hours ago















up vote
-1
down vote













IT probably didn't know your previous password, and wouldn't really care as they have the ability to reset your password and log in themselves if they had a need.



Don't forget that your work computer and associated Windows profile belongs to your employer, it's not yours. The company is allowed full access over your computer as and when required (which isn't often).



If you have a concern that you have private information on your work computer that your company can access, then the answer to that is simple - don't put private information on your work computer. Assume that your IT department has full access to your computer and the data on it.



If you're concerned that the IT department can see your past and future passwords because they're the same/similar as passwords you use in your private life, then (again), stop doing that. Credentials for your work computer/systems should be completely different to your personal passwords (but you should really be using completely random passwords for everything anyway...)






share|improve this answer





















  • that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
    – jwenting
    yesterday










  • So you suggest change my work system passwords and make them different than my personal ones right?
    – Steve P
    17 hours ago










  • It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
    – Snow
    17 hours ago










  • My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
    – Steve P
    15 hours ago












  • Thank you and how long does IT keep a log of it like that they had to reset my password???
    – Steve P
    9 hours ago













up vote
-1
down vote










up vote
-1
down vote









IT probably didn't know your previous password, and wouldn't really care as they have the ability to reset your password and log in themselves if they had a need.



Don't forget that your work computer and associated Windows profile belongs to your employer, it's not yours. The company is allowed full access over your computer as and when required (which isn't often).



If you have a concern that you have private information on your work computer that your company can access, then the answer to that is simple - don't put private information on your work computer. Assume that your IT department has full access to your computer and the data on it.



If you're concerned that the IT department can see your past and future passwords because they're the same/similar as passwords you use in your private life, then (again), stop doing that. Credentials for your work computer/systems should be completely different to your personal passwords (but you should really be using completely random passwords for everything anyway...)






share|improve this answer












IT probably didn't know your previous password, and wouldn't really care as they have the ability to reset your password and log in themselves if they had a need.



Don't forget that your work computer and associated Windows profile belongs to your employer, it's not yours. The company is allowed full access over your computer as and when required (which isn't often).



If you have a concern that you have private information on your work computer that your company can access, then the answer to that is simple - don't put private information on your work computer. Assume that your IT department has full access to your computer and the data on it.



If you're concerned that the IT department can see your past and future passwords because they're the same/similar as passwords you use in your private life, then (again), stop doing that. Credentials for your work computer/systems should be completely different to your personal passwords (but you should really be using completely random passwords for everything anyway...)







share|improve this answer












share|improve this answer



share|improve this answer










answered yesterday









Snow

56.2k48182227




56.2k48182227












  • that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
    – jwenting
    yesterday










  • So you suggest change my work system passwords and make them different than my personal ones right?
    – Steve P
    17 hours ago










  • It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
    – Snow
    17 hours ago










  • My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
    – Steve P
    15 hours ago












  • Thank you and how long does IT keep a log of it like that they had to reset my password???
    – Steve P
    9 hours ago


















  • that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
    – jwenting
    yesterday










  • So you suggest change my work system passwords and make them different than my personal ones right?
    – Steve P
    17 hours ago










  • It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
    – Snow
    17 hours ago










  • My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
    – Steve P
    15 hours ago












  • Thank you and how long does IT keep a log of it like that they had to reset my password???
    – Steve P
    9 hours ago
















that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
– jwenting
yesterday




that'd depend on the jurisdiction involved. EU law e.g. places many restrictions on whether companies can access computers assigned to their employees and what they can do with the data they find there for example.
– jwenting
yesterday












So you suggest change my work system passwords and make them different than my personal ones right?
– Steve P
17 hours ago




So you suggest change my work system passwords and make them different than my personal ones right?
– Steve P
17 hours ago












It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
– Snow
17 hours ago




It seems obvious, but yes. And consider using a password generator to help you have a different and unique password for every service/website you use. Google “good password practice “ for more advice.
– Snow
17 hours ago












My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
– Steve P
15 hours ago






My passwords are all different just are similar before but I didn’t change them like I know once overthinkjng becusse even if they’ve did see my previous password it was different than all my other passwords but maybe had a couple numbers that were the same but words are completely different
– Steve P
15 hours ago














Thank you and how long does IT keep a log of it like that they had to reset my password???
– Steve P
9 hours ago




Thank you and how long does IT keep a log of it like that they had to reset my password???
– Steve P
9 hours ago










up vote
-1
down vote













If IT is set up in a way that is not criminally insecure, there is no way anybody can read your password. However, if your IT is indeed run in an awfully insecure way, then they could read everybody’s password at any time. So whatever it is, the password reset makes no difference.






share|improve this answer





















  • How about applications you use in the computers like adp and stuff can theysee that password?
    – Steve P
    17 hours ago










  • Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
    – Steve P
    15 hours ago















up vote
-1
down vote













If IT is set up in a way that is not criminally insecure, there is no way anybody can read your password. However, if your IT is indeed run in an awfully insecure way, then they could read everybody’s password at any time. So whatever it is, the password reset makes no difference.






share|improve this answer





















  • How about applications you use in the computers like adp and stuff can theysee that password?
    – Steve P
    17 hours ago










  • Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
    – Steve P
    15 hours ago













up vote
-1
down vote










up vote
-1
down vote









If IT is set up in a way that is not criminally insecure, there is no way anybody can read your password. However, if your IT is indeed run in an awfully insecure way, then they could read everybody’s password at any time. So whatever it is, the password reset makes no difference.






share|improve this answer












If IT is set up in a way that is not criminally insecure, there is no way anybody can read your password. However, if your IT is indeed run in an awfully insecure way, then they could read everybody’s password at any time. So whatever it is, the password reset makes no difference.







share|improve this answer












share|improve this answer



share|improve this answer










answered yesterday









gnasher729

78.6k34143248




78.6k34143248












  • How about applications you use in the computers like adp and stuff can theysee that password?
    – Steve P
    17 hours ago










  • Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
    – Steve P
    15 hours ago


















  • How about applications you use in the computers like adp and stuff can theysee that password?
    – Steve P
    17 hours ago










  • Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
    – Steve P
    15 hours ago
















How about applications you use in the computers like adp and stuff can theysee that password?
– Steve P
17 hours ago




How about applications you use in the computers like adp and stuff can theysee that password?
– Steve P
17 hours ago












Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
– Steve P
15 hours ago




Thanks, so you’re saying password reset makes no difference at all and I shouldn’t worry about it at all? Like with a password reset, they can’t see my previous password right?
– Steve P
15 hours ago



Popular posts from this blog

Актюбинская область

QoS: MAC-Priority for clients behind a repeater

AnyDesk - Fatal Program Failure