In website maintenance and support, hardly a day goes by where I am not asking someone for their password or other access information to various accounts and services. It’s always an odd thing, especially when I just started working for someone to ask for such access. On one hand, they did hire me and I need this information to do the work, on the other hand, we may have just met and here I am asking for the ‘keys to the castle.
Unguarded and Freely Handed Out
Regardless of my trepidation in asking for access, I am more often than not surprised by how easy it is given out and worse yet how often the username and password combination are obviously a skeleton key (used routinely on many accounts). Skelton key username/password combos are a whole other topic in and of itself.
I definitely hold a higher level of respect for the individual who asks exactly how it will be used, how it will be stored, and/or takes the time to create a new set of credentials to be used for website maintenance. These are few and far between though.
Locked Down to the Point of Inefficiency
Then there is an overprotective IT person. IT folk are like corporate lawyers in my opinion… the answer to almost any question is ’no’. Maybe I am being a little harsh and I certainly know some great IT people and some great corporate attorneys but I think many of you know what I mean here.
There is nothing more frustrating than winning a new client, starting a new web maintenance program and upon asking for site access information to be told ‘no outside vendors may have access to our network or servers’ or ‘we can’t give you access to the web systems because they share resources and access with other systems or even worse ‘I’m sorry we simply do not share that information.
This is a very frustrating dance – I have a job to do, and my direct client is probably not handling IT and just wants the work done, yet I can’t do my job because I do not have access to what I need.
The back and forth ensues and eventually, I almost always get the access I need. However, there are those that come up with some not-so-great scenarios. I’m actually working on an access policy document that will state exactly what must be provided by the client in order for me to provide adequate services.
Experience has taught me that IT folks hate surprises. For organizations with IT policies it’s important for the person who is managing the new vendor to alert IT staff of the new service provider, ensure that they are authorized to access certain systems, and request that they work with them to find a solution.
For smaller organizations and individuals, I highly recommend that you create new access credentials for use with your newly hired vendor and never share username/password combos that are obviously skeleton keys.