Does your company charge you to reset your passwords? Good idea?

I just found out that one of the companies that just took over our area in an 1.7b outsourcing deal recently (you figure it out), is charging employees $25 to reset forgotten passwords. At first, I thought how evil. Then I thought about it. Now I think it’s genius, and that all companies should be doing this. When you consider the amount of man hours and tickets that go into resetting the passwords of lusers, it might just be the thing to help you remember! Stop and think for a moment about your co-workers for a moment. How many of them do you know of that abuse the helpdesk because they, giggle, “I forgot my password again! And I just got it reset 2 days ago!! Damn system!!” No, damn brain of yours that doesn’t know how to manage passwords! Cha-ching, $25 please!

What do you think?

Finding profit in others’ forgetfulness. Evil, but I like it.

Well it might lead to less secure passwords and writing passwords on the keyboard, or even on a sticky on the monitor with the word password right above that.

OTHO it is a increadable waste of time to reset passwords and a fee would help encourage people to find ways to remember them.

I have see things like this where the money collected would go to buy better coffee or real cream for the coffee station.

A couple of thoughts. If I knew I’d be charged $25 to get my password reset, I’d be a heck of a lot more likely to write it down someplace. Secondly, some companies require people to change passwords frequently, use complicated and difficult to remember passwords involving symbols, numbers, eight digits etc. In such a case, I’d be really resentfull of such a policy --even if I never forgot my password and so never had to pay the fine. Would you rather have unwritten passwords that sometimes need resetting, or an office where any would be invader of the computer system can always find out SOMEBODY’s password, because many people have them written down and located near their desk?

On the whole, I’m voting bad idea.

Foolish. It will just encourage people to write them down. It makes the place less secure.

They all would write it down on a post it on the monitor and use their first name as the password.

I at one time had to use very expensive equipment that used hundred doolar probes. One would break about every other year. Some resonable brakage is to be expected.
My boss mentioned “We should charge you for broken probes”.
I told him to start once they paid me for evrytime I found a problem that he did that cost the company $10,000 to $20,00 a pop.

I would for a large financial services company. You would know the name. I have about 12 passwords I have to remember. If I forget one, I can go online and have a new temporary password emailed to me. I don’t have to call tech support, so it is not wasting anyone’s time.

$25 to reset is ridiculous.

It is stupid from a security point of view; as everyone has pointed out, people will just write down their passwords or use easy-to-crack ones.

Also, the password reminder system can easily be automated (see Yahoo or Hotmail or Paypal or anywhere you create a password – they all allow you to get a new password, usually by answering a question*).

The rule will not help security at all.

*Not that that always works – I once had a student who couldn’t answer the question, evidently thinking the idea was to stump themselves.

I agree that this would be counterproductive, assuming your company has a true need to keep the systems secure (and who doesn’t, really?). Possibly charging the department and/or notifying managers quarterly so that they can address the problem with serious repeat offenders. Someone who constantly resets their password might even be a red flag for someone who lets others log in as them, etc. But the charge would almost certainly backfire.

I actually had a similar idea, if anyone would like to weigh in on pros and cons. That was to charge employees who couldn’t keep within their allotted server space. This is usually people who are too lazy to archive their email locally. This was being handled by notification to managers, but they were some of the worst offenders and never had time or motivation to handle it. So my idea was to say if you go over your allotted space you can purchase additional space from the company through payroll deduction.

I work in IT for a large company and little have 15 - 20 passwords at a time. One of the passwords I used several times a day a day was a pain because it was system assigned and hard to remember even through repetition. I asked the help desk about this and he told me I could make one up myself. I was thrilled until he read off the system enforced rules for it.

  1. It can’t be a password you have ever used before.
  2. Each password will expire after 60 days.
  3. It must be 8 - 12 characters long.
  4. It must have mixed upper and lower case.
  5. It must contain at least 2 letters and at least 2 numbers.
  6. It must containing one of the following special characters: $#@!

That is just one password. Screw’em. I help other people out with problems that are roughly equivalent and I don’t suggest anyone charge them.

I have been the one that reset passwords before and when a person seemed to have selective amnesia about passwords or other systems things, I would talk to their manager about how uncaring they seemed to be taking expensive information systems. That solved the problem always.

I was security administrator at work for years. This is the biggest load of crap I have ever heard , it only takes seconds to reset a password. If you work in the area you even know when you will have to - after any big holiday period. Some people stuff them up on the day that they are forced to change it due to security policies.

But you have to love the way that someone can outsource the provision of services, presumably tendered on the basis of the services already supplied, and then take on additional charges for things that were in the original SLA.

Bullshit either way, but especially bad if it is one those assigned ones that has to have two letters, one lower case, three numbers, two symbols, etc.

I vote with those who say it will encourage sloppy security by them writing it down. I work in IT and if resetting a password is the toughest thing I have to do all day, it has been a good day.

I have a ridiculous number of passwords, I don’t even work in IT where it is common to have a ridiculous number of passwords, and many of them are for systems that I access intermittently and in some cases where the passwords automatically expire if the system isn’t accessed in a certain number of days. For certain systems I make it a policy not to waste braincells trying to remember the damn password. This week we all got prompted to change our passwords before they expired on a system half of us didn’t have accounts on but I couldn’t even remember whether that was one of the systems I was supposed to have been assigned an account for so I spent a while trying to change the password before giving up.

I am pretty security conscious and do try to have decent passwords but the older I get the less able I am to keep the damn things all neatly tucked away in my memory. I’d be furious if I were charged money for having forgotten a password.

Let’s see - they bill my time at $250/hr. So if it takes me more than 6 minutes to try to figure out what the password was, they are losing money on that $25. Hmmm - maybe they should charge support for $25 for every 6 minutes I wait while they take care of the problem!

from ASAKMOTSD

If you cannot remember your own password they shold be paying you $2.50 an hour, not $250. And the problem you are waiting for support to solve happens to be you.

Does anyone think this is a good idea? I agree with those who suggest that people will write down their passwords. And if the company somehow prevents people from doing that, they’ll figure out some way of getting the money back (expense account padding, stealing office supplies, etc.). What I’d do is refuse to pay the fee and just not do whatever needs to be done on that system.

I go to https://passwordreset.bigcompany.com.
I answer a couple of queries, OR use one of my good passwords on another system.
The system assigns me a new password.
I store my password in an passworded and encrypted application on my PDA, and off I go.
If you outsourced your services to a company too stupid to install the software my employer uses, I pity you. For Christ’s sake, it integrates into an Oracle system, a Windows Active Domain thingy and a vintage IBM mainframe.
Also, that price is outrageous. If it was $5 I could see it…

I, like many others in this thread, have several usernames and several passwords that change intermittently at different intervals. Without having these things written down somewhere that is easily accessible, it would be a miracle if I didn’t forget one every once in a while.