Comment

Reuters: Snowden Tricked Co-Workers Into Giving Him Their Passwords

76
Vicious Babushka, 11/08/2013 11:31:49 am PST

re: #15 Kragar

A legitimate system admin will **NEVER** need your password.

The only reason he would ask for your password would be to use it without his own accounts being tracked and logged in the system.

If he did need to use your account, such as to verify permissions to a remote share or system, he could simply reset the password himself, log on using it, then inform the client they needed to reset their password. The problem with that is his resetting the password could be tracked in the system event logs.

Not a problem if you are doing legitimate business with the documentation to support what you’re doing, but a big deal if you are trying to hide what you’re doing.

THIS, FOREVER^^^^^^^^^^

I have been a sysadmin at the organization I work for (though in my current position I am not one) and we were assigned our own “superuser” passwords that we used to perform our legitimate job duties.

There was *NEVER* any reason to ask a user for their password.

If a user forgot their password, which happens very frequently, there was no way to retrieve it for them; we would just give them a new password that had to be changed after the first login.

There were some older databases lying around that contained login information for some old, pre-Y2K, non-secure systems, and it’s possible that some of the USERID/PASSWORD combinations that are stored in those tables might mirror logins currently being used elsewhere. If so, someone might do serious mischief.
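
Added example, not part of the comment thread: a sketch of how the reset-then-logon pattern described in the comment above can be surfaced from audit records. The record schema, account and host names, and the 24-hour window are assumptions constructed for illustration, not any product's real log format.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed sample audit records (hypothetical schema).
EVENTS = [
    {"ts": "2013-11-08T09:00:00", "type": "password_reset",
     "actor": "admin_a", "account": "alice", "host": "WS-ADM1"},
    {"ts": "2013-11-08T09:02:10", "type": "logon",
     "actor": "alice", "account": "alice", "host": "WS-ADM1"},
    {"ts": "2013-11-08T09:30:00", "type": "password_change",
     "actor": "alice", "account": "alice", "host": "WS-ALICE"},
    {"ts": "2013-11-08T10:00:00", "type": "password_reset",
     "actor": "admin_b", "account": "bob", "host": "WS-ADM2"},
    {"ts": "2013-11-08T10:05:00", "type": "logon",
     "actor": "bob", "account": "bob", "host": "WS-BOB"},
    {"ts": "2013-11-08T10:06:00", "type": "password_change",
     "actor": "bob", "account": "bob", "host": "WS-BOB"},
]

def find_admin_logons(events, window=WINDOW):
    """Flag logons to an account from the host that issued its password reset."""
    pending = {}  # account -> (admin, host, reset time) while the temp password is live
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        kind, account = ev["type"], ev["account"]
        if kind == "password_reset" and ev["actor"] != account:
            pending[account] = (ev["actor"], ev["host"], ts)
        elif kind == "password_change" and ev["actor"] == account:
            pending.pop(account, None)  # owner chose a new secret; window closes
        elif kind == "logon" and account in pending:
            admin, host, reset_ts = pending[account]
            # A first logon from the owner's own workstation is the normal
            # forced-change flow; one from the resetting host is not.
            if ev["host"] == host and ts - reset_ts <= window:
                alerts.append({
                    "account": account, "reset_by": admin, "host": host,
                    "seconds_after_reset": int((ts - reset_ts).total_seconds()),
                })
    return alerts

if __name__ == "__main__":
    for alert in find_admin_logons(EVENTS):
        print(alert)
```

An alert here is a prompt to ask for the supporting ticket or documentation, which is the distinction the comment draws between legitimate and concealed use.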