Do I have to relinquish my PC password to my former boss?Should I give my work laptop's username and password to my company?Ex-employer is offering a “compensation package” for some basic things like no ill talking the company but also my password. What do?My ex-coworker wants to know my Bitlocker passwordHow do I deal with an employer withholding my paycheck?Former job asking for laptop password weeks after leavingShould I provide my boss a list of all the passwords I knowHelp former coworkers or ask for paid consulting?How frustrated should I be before I quit, given that I have other options and saving?My former employer is witholding my final paycheck and W2Leave a job early to go back to former employer?My boss told me I'd have to pay him to quit. Can he do that?Former coworkers have set a standard of longer than two-weeks-noticeShould I help my former employer advertise my old job?Conflict of interest between current and former employerEthics when former colleague applies for positionFormer job asking for laptop password weeks after leaving

Control GPIO pins from C

Inset Square From a Rectangular Face

Align (multiline text)-nodes with tikzlibrary 'positioning'

My new Acer Aspire 7 doesn't have a Legacy Boot option, what can I do to get it?

Would it be illegal for Facebook to actively promote a political agenda?

Vegetarian dishes on Russian trains (European part)

Wristwatches in the cockpit

Independence of Mean and Variance of Discrete Uniform Distributions

Earliest evidence of objects intended for future archaeologists?

Why doesn't mathematics collapse down, even though humans quite often make mistakes in their proofs?

Why should P.I be willing to write strong LOR even if that means losing a undergraduate from his/her lab?

Do living authors still get paid royalties for their old work?

Polar contour plot in Mathematica?

Designing a prison for a telekinetic race

Do banks' profitability really suffer under low interest rates

iPad or iPhone doesn't charge until unlocked?

Quick destruction of a helium filled airship?

Build a mob of suspiciously happy lenny faces ( ͡° ͜ʖ ͡°)

Are there categories whose internal hom is somewhat 'exotic'?

How to shade a polygon with curved lines in tikz?

Graph of the function (2x^2-2)/(x^2-1)

The Lucky House

Does git delete empty folders?

Are unaudited server logs admissible in a court of law?



Do I have to relinquish my PC password to my former boss?


Should I give my work laptop's username and password to my company?Ex-employer is offering a “compensation package” for some basic things like no ill talking the company but also my password. What do?My ex-coworker wants to know my Bitlocker passwordHow do I deal with an employer withholding my paycheck?Former job asking for laptop password weeks after leavingShould I provide my boss a list of all the passwords I knowHelp former coworkers or ask for paid consulting?How frustrated should I be before I quit, given that I have other options and saving?My former employer is witholding my final paycheck and W2Leave a job early to go back to former employer?My boss told me I'd have to pay him to quit. Can he do that?Former coworkers have set a standard of longer than two-weeks-noticeShould I help my former employer advertise my old job?Conflict of interest between current and former employerEthics when former colleague applies for positionFormer job asking for laptop password weeks after leaving






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








62















I worked in a tech company and recently put in notice. I was told to leave and to not come back. I did not get an opportunity to clean personal files off of my work computer. My former boss has now just sent me an email to my personal email asking for the password on my work computer.



Do I need to relinquish my password? I know for a fact that they are capable of reformatting the computer and using it without needing my password. My fear is that they are only asking so they can snoop through what's on it.



I should mention the second part of the issue is that I use the same password for everything: email, online banking, etc. I would need to change all of my passwords if I gave them this one and I can't even remember every account I've created. There is no written policy about this.










share|improve this question
















We're looking for long answers that provide some explanation and context. Don't just give a one-line answer; explain why your answer is right, ideally with citations. Answers that don't include explanations may be removed.











  • 33





    Is this the same ex-boss who accused you of stealing and refuses to pay you? workplace.stackexchange.com/questions/23363/…

    – ExactaBox
    Apr 30 '14 at 17:48







  • 13





    related: Our security auditor is an idiot. How do I give him the information he wants? "A security auditor for our servers has demanded the following within two weeks: A list of current usernames and plain-text passwords..."

    – gnat
    Apr 30 '14 at 21:14







  • 33





    I feel compelled to comment on this: > I should mention the second part of the issue is that I use the same > password for everything: email, online banking, etc. This is an incredibly stupid thing to do. You are recklessly endangering your on-line identity by doing this. For an absolute minimum you should routinely use three passwords: one for you e-mail, one for your banking and one for other websites. You cannot rely on random websites to all be responsible in their storage of your password, and you should not risk having your e-mail and finances compromised by bad decisions by a neglig

    – Jack Aidley
    May 1 '14 at 8:56






  • 3





    comments removed Please remember that comments are to "Request clarification from the author; Leave constructive criticism that guides the author in improving the post; Add relevant but minor or transient information to a post (e.g. a link to a related question, or an alert to the author that the question has been updated)." Please consider adding an answer that can be accepted, approved, and voted on if you have something substantive to say. Thanks in advance!

    – jmac
    May 1 '14 at 13:39






  • 5





    Why can't they just reset it themselves?

    – Thorbjørn Ravn Andersen
    Jun 18 '14 at 19:28

















62















I worked in a tech company and recently put in notice. I was told to leave and to not come back. I did not get an opportunity to clean personal files off of my work computer. My former boss has now just sent me an email to my personal email asking for the password on my work computer.



Do I need to relinquish my password? I know for a fact that they are capable of reformatting the computer and using it without needing my password. My fear is that they are only asking so they can snoop through what's on it.



I should mention the second part of the issue is that I use the same password for everything: email, online banking, etc. I would need to change all of my passwords if I gave them this one and I can't even remember every account I've created. There is no written policy about this.










share|improve this question
















We're looking for long answers that provide some explanation and context. Don't just give a one-line answer; explain why your answer is right, ideally with citations. Answers that don't include explanations may be removed.











  • 33





    Is this the same ex-boss who accused you of stealing and refuses to pay you? workplace.stackexchange.com/questions/23363/…

    – ExactaBox
    Apr 30 '14 at 17:48







  • 13





    related: Our security auditor is an idiot. How do I give him the information he wants? "A security auditor for our servers has demanded the following within two weeks: A list of current usernames and plain-text passwords..."

    – gnat
    Apr 30 '14 at 21:14







  • 33





    I feel compelled to comment on this: > I should mention the second part of the issue is that I use the same > password for everything: email, online banking, etc. This is an incredibly stupid thing to do. You are recklessly endangering your on-line identity by doing this. For an absolute minimum you should routinely use three passwords: one for you e-mail, one for your banking and one for other websites. You cannot rely on random websites to all be responsible in their storage of your password, and you should not risk having your e-mail and finances compromised by bad decisions by a neglig

    – Jack Aidley
    May 1 '14 at 8:56






  • 3





    comments removed Please remember that comments are to "Request clarification from the author; Leave constructive criticism that guides the author in improving the post; Add relevant but minor or transient information to a post (e.g. a link to a related question, or an alert to the author that the question has been updated)." Please consider adding an answer that can be accepted, approved, and voted on if you have something substantive to say. Thanks in advance!

    – jmac
    May 1 '14 at 13:39






  • 5





    Why can't they just reset it themselves?

    – Thorbjørn Ravn Andersen
    Jun 18 '14 at 19:28













62












62








62


10






I worked in a tech company and recently put in notice. I was told to leave and to not come back. I did not get an opportunity to clean personal files off of my work computer. My former boss has now just sent me an email to my personal email asking for the password on my work computer.



Do I need to relinquish my password? I know for a fact that they are capable of reformatting the computer and using it without needing my password. My fear is that they are only asking so they can snoop through what's on it.



I should mention the second part of the issue is that I use the same password for everything: email, online banking, etc. I would need to change all of my passwords if I gave them this one and I can't even remember every account I've created. There is no written policy about this.










share|improve this question
















I worked in a tech company and recently put in notice. I was told to leave and to not come back. I did not get an opportunity to clean personal files off of my work computer. My former boss has now just sent me an email to my personal email asking for the password on my work computer.



Do I need to relinquish my password? I know for a fact that they are capable of reformatting the computer and using it without needing my password. My fear is that they are only asking so they can snoop through what's on it.



I should mention the second part of the issue is that I use the same password for everything: email, online banking, etc. I would need to change all of my passwords if I gave them this one and I can't even remember every account I've created. There is no written policy about this.







ethics quitting






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited May 1 '14 at 9:39









David Richerby

1,74912 silver badges22 bronze badges




1,74912 silver badges22 bronze badges










asked Apr 30 '14 at 17:29









TheGuestestTheGuestest

4132 gold badges5 silver badges6 bronze badges




4132 gold badges5 silver badges6 bronze badges





We're looking for long answers that provide some explanation and context. Don't just give a one-line answer; explain why your answer is right, ideally with citations. Answers that don't include explanations may be removed.








We're looking for long answers that provide some explanation and context. Don't just give a one-line answer; explain why your answer is right, ideally with citations. Answers that don't include explanations may be removed.






We're looking for long answers that provide some explanation and context. Don't just give a one-line answer; explain why your answer is right, ideally with citations. Answers that don't include explanations may be removed.









  • 33





    Is this the same ex-boss who accused you of stealing and refuses to pay you? workplace.stackexchange.com/questions/23363/…

    – ExactaBox
    Apr 30 '14 at 17:48







  • 13





    related: Our security auditor is an idiot. How do I give him the information he wants? "A security auditor for our servers has demanded the following within two weeks: A list of current usernames and plain-text passwords..."

    – gnat
    Apr 30 '14 at 21:14







  • 33





    I feel compelled to comment on this: > I should mention the second part of the issue is that I use the same > password for everything: email, online banking, etc. This is an incredibly stupid thing to do. You are recklessly endangering your on-line identity by doing this. For an absolute minimum you should routinely use three passwords: one for you e-mail, one for your banking and one for other websites. You cannot rely on random websites to all be responsible in their storage of your password, and you should not risk having your e-mail and finances compromised by bad decisions by a neglig

    – Jack Aidley
    May 1 '14 at 8:56






  • 3





    comments removed Please remember that comments are to "Request clarification from the author; Leave constructive criticism that guides the author in improving the post; Add relevant but minor or transient information to a post (e.g. a link to a related question, or an alert to the author that the question has been updated)." Please consider adding an answer that can be accepted, approved, and voted on if you have something substantive to say. Thanks in advance!

    – jmac
    May 1 '14 at 13:39






  • 5





    Why can't they just reset it themselves?

    – Thorbjørn Ravn Andersen
    Jun 18 '14 at 19:28












  • 33





    Is this the same ex-boss who accused you of stealing and refuses to pay you? workplace.stackexchange.com/questions/23363/…

    – ExactaBox
    Apr 30 '14 at 17:48







  • 13





    related: Our security auditor is an idiot. How do I give him the information he wants? "A security auditor for our servers has demanded the following within two weeks: A list of current usernames and plain-text passwords..."

    – gnat
    Apr 30 '14 at 21:14







  • 33





    I feel compelled to comment on this: > I should mention the second part of the issue is that I use the same > password for everything: email, online banking, etc. This is an incredibly stupid thing to do. You are recklessly endangering your on-line identity by doing this. For an absolute minimum you should routinely use three passwords: one for you e-mail, one for your banking and one for other websites. You cannot rely on random websites to all be responsible in their storage of your password, and you should not risk having your e-mail and finances compromised by bad decisions by a neglig

    – Jack Aidley
    May 1 '14 at 8:56






  • 3





    comments removed Please remember that comments are to "Request clarification from the author; Leave constructive criticism that guides the author in improving the post; Add relevant but minor or transient information to a post (e.g. a link to a related question, or an alert to the author that the question has been updated)." Please consider adding an answer that can be accepted, approved, and voted on if you have something substantive to say. Thanks in advance!

    – jmac
    May 1 '14 at 13:39






  • 5





    Why can't they just reset it themselves?

    – Thorbjørn Ravn Andersen
    Jun 18 '14 at 19:28







33




33





Is this the same ex-boss who accused you of stealing and refuses to pay you? workplace.stackexchange.com/questions/23363/…

– ExactaBox
Apr 30 '14 at 17:48






Is this the same ex-boss who accused you of stealing and refuses to pay you? workplace.stackexchange.com/questions/23363/…

– ExactaBox
Apr 30 '14 at 17:48





13




13





related: Our security auditor is an idiot. How do I give him the information he wants? "A security auditor for our servers has demanded the following within two weeks: A list of current usernames and plain-text passwords..."

– gnat
Apr 30 '14 at 21:14






related: Our security auditor is an idiot. How do I give him the information he wants? "A security auditor for our servers has demanded the following within two weeks: A list of current usernames and plain-text passwords..."

– gnat
Apr 30 '14 at 21:14





33




33





I feel compelled to comment on this: > I should mention the second part of the issue is that I use the same > password for everything: email, online banking, etc. This is an incredibly stupid thing to do. You are recklessly endangering your on-line identity by doing this. For an absolute minimum you should routinely use three passwords: one for you e-mail, one for your banking and one for other websites. You cannot rely on random websites to all be responsible in their storage of your password, and you should not risk having your e-mail and finances compromised by bad decisions by a neglig

– Jack Aidley
May 1 '14 at 8:56





I feel compelled to comment on this: > I should mention the second part of the issue is that I use the same > password for everything: email, online banking, etc. This is an incredibly stupid thing to do. You are recklessly endangering your on-line identity by doing this. For an absolute minimum you should routinely use three passwords: one for you e-mail, one for your banking and one for other websites. You cannot rely on random websites to all be responsible in their storage of your password, and you should not risk having your e-mail and finances compromised by bad decisions by a neglig

– Jack Aidley
May 1 '14 at 8:56




3




3





comments removed Please remember that comments are to "Request clarification from the author; Leave constructive criticism that guides the author in improving the post; Add relevant but minor or transient information to a post (e.g. a link to a related question, or an alert to the author that the question has been updated)." Please consider adding an answer that can be accepted, approved, and voted on if you have something substantive to say. Thanks in advance!

– jmac
May 1 '14 at 13:39





comments removed Please remember that comments are to "Request clarification from the author; Leave constructive criticism that guides the author in improving the post; Add relevant but minor or transient information to a post (e.g. a link to a related question, or an alert to the author that the question has been updated)." Please consider adding an answer that can be accepted, approved, and voted on if you have something substantive to say. Thanks in advance!

– jmac
May 1 '14 at 13:39




5




5





Why can't they just reset it themselves?

– Thorbjørn Ravn Andersen
Jun 18 '14 at 19:28





Why can't they just reset it themselves?

– Thorbjørn Ravn Andersen
Jun 18 '14 at 19:28










13 Answers
13






active

oldest

votes


















58














There are ways for your employer to get access to the computer without your current password. For that reason I would contact the Companies HR or Legal department and advise them that due to the risk of your identity being used you are unwilling to provide provide your password to the company. I would not have any direct contact with your former manager without HR being included.



Until the court orders you to provide assistance you can choose not to provide the password. However if you choose to force them to go that route you do risk being found liable for other damages and costs as once a company starts down the legal process they are usually more willing to pursue a case in full. If you are not prepared and experienced in dealing with this it can be an expensive learning experience. So read what ever documentation you have and make sure you understand where you stand based on those documents.



If this legal fight is something you would just prefer to avoid, I would offer to come in and change the password to something that the company defines. I would define the process that you will use to change the password and then log off of the computer and require that someone from HR or the Legal team be there for the entire visit.



Another option is to ignore the email. Email is not a reliable method of communication. If the message got moved to your junk e-mail, or trash without being read there is no way of telling for either side without investigation.



Finally, there is no business need demonstrated for the CEO to have your password. Your login can be bypassed through a number of standard methods. The company should have obtained everything it needed prior to dismissing you since there was no misconduct. You are no longer employed there and not subject to their policies that might have required you to provide the password. That should have been obtained prior to your termination, their failure to follow good business practice does not create an obligation for you.



Your company should have created a separation agreement prior to your termination. It would have protected you both. You from continued harassment and requests, and them from any claims by you to any rights to the contents of your computer files. Since you are no longer bound by company policy you could potentially have rights to privacy for all documents on the computer that were not work product. But you would need to consult an attorney to be sure.



If I were in your situation and I wanted to resist providing the password, I would make them get a court order requiring my compliance. Then I would probably seek to quash that order. The requirement to force the disclosure of the password is that the company show they can not proceed without it, or that the impact with be significant. Since they can bypass your password, this is going to be a very high bar. That whole process will take months to resolve. Either way these are my rights I am exerting and there is no cause to award them fees, as this should have been obtained prior to termination. But that is what I would do I am not providing legal advice for you to follow what could be a very bad example. Should you choose to follow this course you should be aware that many judges are business friendly and may choose not to interpret the law in your favor. This is especially true when you are acting as your own attorney. So no matter how valid your argument and how "right" you are, there is a risk of losing, and in my experience, appellate courts practically ignore pro se pleadings.






share|improve this answer


































    42














    You should check all of your employment related documents, including offer letter, employee handbook, and separation documents, for any mention of penalties for failure to comply with company requests regarding accounts and equipment. These documents, if present, should provide you with legal guidance to answer your question of "Do I have to" (which I have taken to mean "Am I legally obligated to").



    One reason to check your employment-related documents is for clauses you may have glossed right over when signing them, such as "All ideas, concepts, or expressions (copyrightable or not); copyrighted or copyrightable material; trademark; trade secret; works, inventions, discoveries, improvements, or inventions (whether patentable or not) made, devised, or discovered by the Employee are the property of the Company" which typically is interpreted by the company to mean "Anything you think or do, especially on our equipment, belongs to us, so we have the right to get it." Such wording and expectations are especially true in the state or federal government (in the US) jobs, in which computer use and expectations of privacy or lack thereof are explicitly spelled out, as are personal use of computers, period.



    After checking your documents, you can decide for yourself if any stated penalties are worth not relinquishing your password, or, in the absence of no legal guidance, if your failure to comply with the request is something you want to be remembered for (by people who may be reference checks).



    The equipment belongs to the company and, in many organizations, anything on the machine also belongs to them (see examples noted above). In the absence of legal guidance in signed documents, your ethics are your own; as a manager (and someone who very much values privacy) I would recommend giving them the password to the machine (or, as Dukeling says in a comment, offering to go in and type it yourself) and learning a hard lesson about keeping personal stuff on company equipment (e.g. don't do it, or if you do, don't have an expectation of privacy) when your employee agreement actually even allows you to do so.






    share|improve this answer






















    • 38





      I agree in principle... but once the company terminated him, he is no longer bound to comply with company policies or any employment agreement as the agreement is only in force as long as the employer agrees to employ the the signatory. Termination breaks the employment agreement and a Seperation agreement would come into play. But it does not sound like the OP got one of those...

      – IDrinkandIKnowThings
      Apr 30 '14 at 19:15






    • 1





      @Łukasz웃Lツ I am speaking about work product, broadly construed; I have edited my answer.

      – jcmeloni
      May 2 '14 at 11:24






    • 3





      @Chad, also note that many contracts have a 'survival' clause which indicates parts of the agreement which will still be in affect after the termination of the agreement (often this is used for confidential information, and possibly a non-compete clause). Just because a contract ends does not mean that the obligations under the contract all terminate immediately, which is why it's a good idea to carefully read through the contract you signed when you joined.

      – jmac
      May 11 '14 at 23:56






    • 1





      @jmac I am not sure why you pointed that at me. But in most of the US a termination prior to the completion of a contract voids the employees obligations. It also does not sound like the OP had a contract. That is quite common in the US for "Permanent" employment positions. Most of those are handled by some sort of employment agreement. Those automatically break at termination of employment even if they claim they survive. That is the reason for a separation agreement. I think this is a good answer because it says check your paperwork. Being aware that they may no longer be valid.

      – IDrinkandIKnowThings
      May 12 '14 at 2:48







    • 2





      @Chad, only pointed at you because you were the one stating that once employment is terminated, so is any agreement between the employee and employer. While this may the case in the US with a lack of a contract, depending on the country and the presence of a contract, it may be wise to double-check in advance. I think the answer is good, I just wanted to make that clear for future readers.

      – jmac
      May 12 '14 at 2:58


















    38














    No, don't hand over your password, as a matter of personal security.



    Others here have mentioned that your former employer owns your former work computer and the data on it. This is probably the case. If you have personal stuff on there, you were probably misusing the company resources.



    However, all of that is entirely separate to your password. This is personal information that should be treated as confidential: you have no obligation to hand it over, ever. Your company is not entitled to know your password. None of their ownership over the data, hardware or software entitles them to know this. They are entitled to know and store a hashed version of your password (this is what lets you log in), but they are not entitled to know your password in plain text.



    They should not need this information under any circumstance.



    Speaking as someone in IT, if they have half-decent IT resources, they'll be able to reset your account password to something that'll let them gain access, which means they get what they want, and you keep your password private. Or, they'll be able to access your personal files anyway via an administrator's account, and will not require your password to do it. If there's full-disk encryption via BitLocker or some other product, and it's part of company protocol, they should have a plan for how to access your data without needing your information (speaking as someone who works for a company which uses full-disk encryption).



    If they need your password for anything, it's because they bungled up their IT strategies somewhere, and that's their problem to deal with.



    Of course, if you encrypted your work stuff outside of protocol (using TrueCrypt or etc) and it's the password for that stuff which they're asking for, then you probably do have at least an ethical responsibility to go in there and provide them with the work they paid you for. Meaning: go in there, decrypt it yourself, and take out the work stuff to give to them. Still don't give them your password.



    If you're obligated, find another means.



    I'll maintain that you should absolutely not hand over your password. You should definitely not respond to their email with it, even if you can tell it's authentic (it might not be).



    Check your company's materials they gave you. If you have any obligations around this, offer an alternate arrangement, such as returning to the company to change your password. If you don't have obligations, decline their request. As I said, their IT folks should be able to handle this without your help.



    Be willing to burn your bridges here.



    Others have mentioned they may give you a poor reference if you don't want to comply. It's not worth sacrificing your personal security and confidentiality for the hope of a good reference, though. Further, you have no guarantee they'll give you a good reference if you do comply, but in return you'll be sabotaging yourself so they can get something they want which they shouldn't need. Given how they reacted to your leaving and how they've treated you previously, it doesn't seem you're going to get a good reference anyway.






    share|improve this answer



























    • It's also interesting to consider the hypothetical situation where the questioner has used full disk encryption (e.g. TrueCrypt) such that the password really is the only way to recover any information from the computer (perhaps including the questioner's work in progress prior to resignation). This removes the "they don't need the password" leg of the argument, and serves as an extreme case of the question whether a weak IT policy truly removes in law all obligations on the former employee, as you state: "they bungled up their IT strategies somewhere, and that's their problem to deal with".

      – Steve Jessop
      May 1 '14 at 8:41







    • 1





      @SteveJessop Good call, and that could either fall under the asker's responsibility or them bungling their strategies, depending on whether it was by protocol or not. I've added that information to my answer.

      – doppelgreener
      May 1 '14 at 8:57






    • 1





      @SteveJessop - There are other options besides providing them with the password even in this case. We do not have enough information to be sure but I would bet that even in the event that the OP used true crypt that a good lawyer could prevail in an argument against having to turn over the password unless there was a separation agreement signed. HR processes exist for a reason beyond filling a desk chair. They protect the company in situations like this. It appears the company failed to follow good business practices with regards to this.

      – IDrinkandIKnowThings
      May 1 '14 at 13:56






    • 3





      My sentiments exactly. If they can't get at the files without the password their IT policies are a joke. And for God's sake, change all your other passwords anyway!

      – Tonny
      May 1 '14 at 20:56






    • 1





      I asked this question about using Full Disk Encryption, and recovering in case something like this happens. For those curious, it's a good read

      – Canadian Luke
      May 2 '14 at 17:25


















    19














    Given that, in this situation, you haven't left on good terms, simply ignore this request - don't respond to the email asking for the password.



    This bridge is already burnt, and there's nothing to be gained by complying with them, while there are potential losses. You've already left the job, there's no need to engage with them further.



    For the future, as a matter of general practise, don't reuse your personal passwords at work, and clear your personal data down before you leave.






    share|improve this answer




















    • 1





      This answer does not appear to add anything that is not already covered more thoroughly in previous answers

      – IDrinkandIKnowThings
      May 1 '14 at 3:06






    • 1





      @Chad - It more explictly says 'Ignore the request'.

      – geekrunner
      May 1 '14 at 23:16


















    12














    I think the tricky gotcha here is that they told you to leave, so to me that implies at that moment you were no longer an employee and they can't demand anything more of you. If they wanted the password, they should have taken your offer of a two week notice and had you create a document for that type of information. But, local laws on this may say something different. Had they not told you to immediately leave, I think it would be well within their right to demand the password since you are an employee using their computer. Or, at the very least, they would be within their right to have you hand over a password to the machine after you changed it to a different one.



    And in the future, always, always, always clean your machine before giving notice!!!! In fact, clean your machine if you have even a hint that something may be changing. And it goes without saying, never use personal passwords on company machines.






    share|improve this answer




















    • 4





      NEVER keep personal information on a work machine. Never bring anything in to the office that you aren't willing to lose. Use something like TeamViewer or LogMeIn to access your data on your machine at your home. You never have to worry about "cleaning" the machine if it was never "dirty" to begin with.

      – Wesley Long
      May 2 '14 at 14:13











    • I agree with Wesley's suggestion. Also, I don't agree with "cleaning your machine" before giving notice... that sounds like a terrible idea. For instance, you probably are still required to work for some notice period... what are you going to do in that scenario?

      – bharal
      May 2 '14 at 18:19












    • @bharal I meant clean your machine of personal information and files (and things like browser history), not of business related information. That's what the question was about, after all - personal information and personal passwords.

      – GrandmasterB
      May 2 '14 at 18:53



















    4














    You are not an employee any more. This person is not your boss any more. At the point when they told you to leave the building and not come back, they more or less gave up the right to tell you to do anything else ever again. If they want to read any data on the computer you used while you were an employee, they can do that without your password, unless the data is encrypted. If the data is not encrypted, nothing related to your former employment causes them to need your password so they surely have no more right to demand passwords from you than they do from any other non-employee. Me, for example.






    share|improve this answer




















    • 2





      "They more or less gave up the right to tell you to do anything else ever again" - that's not necessarily true. For one thing, the contract you signed when you started could give them rights here. And what if the data is encrypted, or if they simply don't have the technical knowledge to access the data without your password (which would then require paying for technical services to get access to the data)? Then they can probably make a legal case against you if you don't assist them.

      – Dukeling
      May 1 '14 at 14:20











    • @Dukeling I specifically said I was only dealing with the case where the data isn't encrypted. They don't need any technical knowledge to log in as an administrator and read the files.

      – David Richerby
      May 1 '14 at 14:24






    • 1





      OP may have the admin (/ only) account on the machine, so 'logging in as administrator' isn't necessarily easy / possible.

      – Dukeling
      May 1 '14 at 14:28












    • @Dukeling: Long ago, i had a bootable CD specifically made to reset the administrator password on NT-based Windows machines (NT4, 2000, and XP anyway. Haven't tried it since then). Anyone who's used to having to work with someone else's machine should have one as well. And if the computer is on a domain (which ought to always be the case in a business), even that isn't necessary -- a domain admin would be able to change the password virtually at will, or log in on their own account without having to care about the local admin password.

      – cHao
      May 3 '14 at 17:23







    • 1





      @Dukeling: If we go with that assumption, the employer can't afford their own dickishness. :P Two weeks' notice is for the company's benefit far more than the employee's -- most people leaving a company would rather leave right away. He offered them the time to help them transition from having him there to not. Instead, they kicked him out of the building. They don't get to change their minds later and expect the help they rejected already. Or rather, the OP doesn't have to give it to them.

      – cHao
      May 3 '14 at 22:44



















    3














    Most companies (including the one I work for) specifically state in their policies that any network, computer or device that you connect to the network can be legally searched without your consent.



    Here's an excerpt from my company's manual (we're required to agree before we begin working):




    Use of company technology, networks, and Internet services does not
    create any expectation of privacy. [The Company] reserves the right to
    search and/or monitor any information created, accessed, sent,
    received, and/or stored in any format by any Company employee on
    Company equipment or any equipment connected to [The Company's] network.




    Now, I'm not a lawyer, and the laws in your country may differ from others, but generally speaking, if a company owns a device, they are legally allowed to monitor or search whatever their employees are doing on said device.



    Furthermore, many company policies also state that personal use of computers or networks is prohibited, so it may actually be possible that you keeping personal information on the computers is a violation of company policy in and of itself, but that's besides the point:



    If you refuse to surrender your password, they may just say "oh well", format the PC, and you'll never hear from them again.



    On the other hand, they could possibly take legal action against you, since you've locked up information that they have legally stated is theirs and not given them the key.



    I would advise you to give them the password or seek legal counsel if you feel that you have other options.






    share|improve this answer




















    • 2





      Moses, I'm pretty sure we all know your employer's policies on monitoring activities at work. :)

      – Trevor
      Apr 30 '14 at 21:31






    • 8





      Unless the OP encrypted the data, its not locked up and any decent IT staff can pretty trivially access it without a password.

      – Andy
      Apr 30 '14 at 22:56











    • @Andy That's true, but knowing from past experience, companies can still press charges despite that. I worked for a company where this exact situation happened, and they outsourced the password removal to a very expensive third party, and pressed charges for it all.

      – user12985
      May 1 '14 at 13:13











    • @Andy But I'm well aware the password removal would take 10 minutes and a free boot tool :)

      – user12985
      May 1 '14 at 14:55






    • 2





      @Moses not if they need certificates stored in MS windows stores for example. There's a fair amount of things that might be encrypted by your password (a key derived from it rather) and you might not realize it.

      – DRF
      Jun 8 '17 at 20:05


















    2














    In any responsible company regardless of size, there will be a checklist for the manager to go through with departing workers, or whomever is responsible that day, if manager is absent. They'll get your badge or key card or company ID, that sort of thing. Sometimes it is done by Human Resources. At that time, while you were still on the premises, they should have asked for your password.



    Of course, as everyone else said, the IT department should be able to reset the password, or get access to your former computer, easily!



    It is very peculiar for your former employer to contact you by personal email, (several days? weeks?) later, after telling you to leave immediately after giving notice. Are you certain that the email you received is truly from your former manager, not spoofed or forged?



    I would NOT disclose the password by return email, under those conditions. That is possibly worse than not responding at all. Even thought your accounts should have been terminated, you can't be certain, as you aren't an employee anymore. Given that you use the same password everywhere, you should be even more leery of sending it by email. I wouldn't reply, but rather wait and see if your former boss telephones you with the same password request.






    share|improve this answer


































      0














      There is no obligation of an employee to give any sort of password information to a company that is for a personal machine.



      I know that a person should not use the same work and personal passwords but it happens and thus a company has no rights to this.



      How do I know? I used to run the IT department for a very large international company. We had many users who left without giving us their password. There is nothing legally we could do and trust me if there was my company would certainly follow through on those people. Even people who would not divulge passwords to shared machines/servers/routers/switches, there was basically nothing we could do.



      So the easiest way out of this... give them a password, but not yours.



      Now I get them asking if it is a smaller company that has little IT help (or bad IT help). It saves them time and maybe $50. But they should either have an administrator account on every machine that they control or they should have the ability to change your password via Active Directory.



      What would I do to get your password? I would run rainbow tables against Windows and have it in 5-10 minutes if that. I then would have your exact password. Reason why I mention that is to alert people that if they want their password to remain a secret they should rename it (I suggest 3 times) before handing their equipment over.






      share|improve this answer
































        -1














        Let's make one assumption here to begin: that there is no arrangement between you and your (former) employer in regards to this situation. Note that I am not referring to a manual excerpt such as what Moses posted - such an excerpt enables the company to monitor and access that information, but does not require you to relinquish passwords.



        Remember that passwords = authentication. When you authenticate with a username + password, the username just defines who you are, while the password proves you are who you say you are. If anyone else can prove that, they are functionally you for every location that you chose to use that password. (try telling a boss that you didn't access [random site] when a server log says that your account did)



        That being said, I'd approach this pragmatically, and reply with the assumption that your former boss is looking to get into the account that you formerly used; it doesn't matter why, but if you approach it from that angle, there is a lot that you can provide without actually giving your password:



        • If you know that the computer had a separate administrator account, you could instruct him/her on logging into that account, changing your account's password to something else, then logging into your former account that way.


        • If the hard drive was not encrypted, you could instruct them on reading the contents of the drive by using a USB-to-SATA adapter.


        • You can provide brief instruction on how to reset a forgotten administrator password, which isn't as hard as it sounds.


        • If it isn't a major hassle for you, and both parties are willing, you could also offer to stop in over the next couple days, where you would login and change the password to a generic one. You may also be able to use this time to get off any documents you (and the company) consider to be personal to you.


        Any of these can also be accomplished with a referral to instructions found off of a Google search, and each accomplishes what your former boss is likely looking to accomplish, without actually relenquishing your password.






        share|improve this answer
































          -1














          Asking for your work password doesn't sound that unusual of a request. If it was a work computer, you shouldn't have had anything too personal on there you wouldn't want your employer to have access to. However, does seem like a bit of a security risk divulging your password if you use it elsewhere.



          If I were in your situation, what I would do is act ignorant. Tell them you don't remember the password. If you can't remember the password, then there's little you can do, and unless they can prove you do remember the password (which they can't), then they are fresh out of luck.



          While I doubt it would happen, giving them your computer password means they could easily open a web browser and access any website you might have logged into previously and selected, "remember me". If you use the same password for your email, Facebook or Twitter (amongst others) they can log in to those. Chances are they won't, but it is a possibility. It depends on who will be logging onto the computer and what their intentions are.



          All that said; please know that this would be considered profoundly immoral to withhold a password intentionally. The employer probably has justified reasons like wanting to make sure you saved all appropriate files to a server they can access. Just because it might be something I would do, doesn't mean you should heed my advice and do it too.






          share|improve this answer






















          • 2





            Hopefully others will take note of the change and reverse their votes as well as I think this is now a solid answer.

            – IDrinkandIKnowThings
            May 2 '14 at 3:00











          • There are things I completely disagree, such as that it's not an unusual request. But the suggestion that you can always 'forget' your passoword (or say you've got it in your wallet because your memory is not so good for password, and you've thrown the sheet away) is valuable.

            – user1023
            May 2 '14 at 8:58


















          -3














          What rights does the ex-employer have? They have the rights to any company data on the computer, and the right to have that computer in a usable state. With hard drive encryption, the computer might not actually be usable. Throwing out the employee and turning him into an ex-employee without making sure they have these things is of course stupid.



          What rights does the ex-employee have? He has the right not to divulge his password, which he is using for his private banking as well (I know it is stupid to use the same password), he has the right that private data on the computer stay private and are not used against him. Remember he is an ex employee. He has the right not to do any work for the company without payment.



          A reasonable thing to happen would be for the ex-employee to come to the company at a reasonable time, with expenses paid, and change the computer password to "1234" or "Password" or whatever, so the company can exercise their rights. The next reasonable thing to happen would be for the company to accept that other or to make a different reasonable offer.



          The former boss has no right to know the password, but he has the right to get the computer made usable. But not for free; the notice period is there for exactly that kind of thing.






          share|improve this answer




















          • 3





            This doesn't seem to add anything beyond the answers that were already here. Am I missing something?

            – Monica Cellio
            May 1 '14 at 21:18






          • 1





            "With hard drive encryption, the computer might not actually be usable." eghm, do you actually understand how hard-drive encryption works?

            – user1023
            May 2 '14 at 8:55











          • @user1023: Yes. Most likely better than you.

            – gnasher729
            Jul 14 '16 at 23:26


















          -3














          If the PC is company property and you have "locked" access by the company by using a password and not making it available, you could be in trouble. And if you opened the company by using a password that you also used for some potentially insecure remote site, you could be in even more trouble.



          The reference in the @jcmeloni answer to intellectual property could be an additional element. If it's a company PC, the company owns the password as well as everything else on the PC.



          While you might not be in a jurisdiction that explicitly covers this situation, case law does exist that could be relevant. Probably the most notorious was over Terry Childs ( see People v. Childs, 2013 WL 5779044 (Cal. App. Ct. Oct. 25, 2013). ) That was far more egregious than your circumstances, but there are related principles.



          You'll not only want to be sure you're legally covered, but you'll also want to be sure your future career is safe. Even a small court case can be long-term trouble for your future.



          With all of that said, as others have mentioned, the company has physical access to the PC and can recover the password without much trouble. You aren't keeping it "secret" by refusing to divulge it. At most, you're delaying access. But at worst, you might be making serious trouble for yourself with essentially zero risk to the company.






          share|improve this answer




















          • 3





            The Childs case was not about a pc password but about an administrator that refused to grant access to his superiors at a government facility to the network protected servers. I seriously doubt much of that decision would apply here. Also your link is broken.

            – IDrinkandIKnowThings
            May 3 '14 at 18:55











          • In a decently secure system, the company can't recover the password, because it's not stored in a reversible form. So you are indeed keeping the password secret by refusing to give it to them. They can, however, reset it at will -- literally, a couple of mouse clicks. So what do they need to know the current password for?

            – cHao
            May 3 '14 at 22:05












          • @cHao The existence of the question could mean it's not a "decently secured" environment. And resetting with "a couple mouse clicks" depends on whether accounts are machine or domain accounts, what passwords are on the machine (BIOS? HDD?), etc. Finally, recovery is possible even with one-way-hashes if the password isn't strong, and we have to wonder if the OP used good password practices. But all of that is tangential to the question of whether the OP should cooperate or not.

            – user2338816
            May 4 '14 at 7:53











          • Somewhat tangential, yes. But it was your very own point. :) Frankly, the post reads as "you're gonna make the Company mad, and there's no point in not telling them, so you might as well be a good boy and bend over". The legalities are actually pretty freaking clear if the OP never signed an employment agreement, as he claims...without that, he is not at all obligated to do anything but watch the company reap the rewards of their dickishness.

            – cHao
            May 4 '14 at 9:17












          • @cHao It's not necessary to sign anything, though that would make the company's position far stronger if the document covered the situation. It can only need to be covered in standard 'Employee Handbook' policy documents or other means supplied to employees. Actually, it only needs to be directed by a court regardless of any signed or unsigned documents. Whenever anything goes to a court, it comes down to the final court decision; and nothing else matters once that's delivered. (In terms of future employers, it might be worse if the OP wins.)

            – user2338816
            May 4 '14 at 10:38











          protected by Jane S Jul 14 '16 at 7:20



          Thank you for your interest in this question.
          Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



          Would you like to answer one of these unanswered questions instead?














          13 Answers
          13






          active

          oldest

          votes








          13 Answers
          13






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          58














          There are ways for your employer to get access to the computer without your current password. For that reason I would contact the Companies HR or Legal department and advise them that due to the risk of your identity being used you are unwilling to provide provide your password to the company. I would not have any direct contact with your former manager without HR being included.



          Until the court orders you to provide assistance you can choose not to provide the password. However if you choose to force them to go that route you do risk being found liable for other damages and costs as once a company starts down the legal process they are usually more willing to pursue a case in full. If you are not prepared and experienced in dealing with this it can be an expensive learning experience. So read what ever documentation you have and make sure you understand where you stand based on those documents.



          If this legal fight is something you would just prefer to avoid, I would offer to come in and change the password to something that the company defines. I would define the process that you will use to change the password and then log off of the computer and require that someone from HR or the Legal team be there for the entire visit.



          Another option is to ignore the email. Email is not a reliable method of communication. If the message got moved to your junk e-mail, or trash without being read there is no way of telling for either side without investigation.



          Finally, there is no business need demonstrated for the CEO to have your password. Your login can be bypassed through a number of standard methods. The company should have obtained everything it needed prior to dismissing you since there was no misconduct. You are no longer employed there and not subject to their policies that might have required you to provide the password. That should have been obtained prior to your termination, their failure to follow good business practice does not create an obligation for you.



          Your company should have created a separation agreement prior to your termination. It would have protected you both. You from continued harassment and requests, and them from any claims by you to any rights to the contents of your computer files. Since you are no longer bound by company policy you could potentially have rights to privacy for all documents on the computer that were not work product. But you would need to consult an attorney to be sure.



          If I were in your situation and I wanted to resist providing the password, I would make them get a court order requiring my compliance. Then I would probably seek to quash that order. The requirement to force the disclosure of the password is that the company show they can not proceed without it, or that the impact with be significant. Since they can bypass your password, this is going to be a very high bar. That whole process will take months to resolve. Either way these are my rights I am exerting and there is no cause to award them fees, as this should have been obtained prior to termination. But that is what I would do I am not providing legal advice for you to follow what could be a very bad example. Should you choose to follow this course you should be aware that many judges are business friendly and may choose not to interpret the law in your favor. This is especially true when you are acting as your own attorney. So no matter how valid your argument and how "right" you are, there is a risk of losing, and in my experience, appellate courts practically ignore pro se pleadings.






          share|improve this answer































            58














            There are ways for your employer to get access to the computer without your current password. For that reason I would contact the Companies HR or Legal department and advise them that due to the risk of your identity being used you are unwilling to provide provide your password to the company. I would not have any direct contact with your former manager without HR being included.



            Until the court orders you to provide assistance you can choose not to provide the password. However if you choose to force them to go that route you do risk being found liable for other damages and costs as once a company starts down the legal process they are usually more willing to pursue a case in full. If you are not prepared and experienced in dealing with this it can be an expensive learning experience. So read what ever documentation you have and make sure you understand where you stand based on those documents.



            If this legal fight is something you would just prefer to avoid, I would offer to come in and change the password to something that the company defines. I would define the process that you will use to change the password and then log off of the computer and require that someone from HR or the Legal team be there for the entire visit.



            Another option is to ignore the email. Email is not a reliable method of communication. If the message got moved to your junk e-mail, or trash without being read there is no way of telling for either side without investigation.



            Finally, there is no business need demonstrated for the CEO to have your password. Your login can be bypassed through a number of standard methods. The company should have obtained everything it needed prior to dismissing you since there was no misconduct. You are no longer employed there and not subject to their policies that might have required you to provide the password. That should have been obtained prior to your termination, their failure to follow good business practice does not create an obligation for you.



            Your company should have created a separation agreement prior to your termination. It would have protected you both. You from continued harassment and requests, and them from any claims by you to any rights to the contents of your computer files. Since you are no longer bound by company policy you could potentially have rights to privacy for all documents on the computer that were not work product. But you would need to consult an attorney to be sure.



            If I were in your situation and I wanted to resist providing the password, I would make them get a court order requiring my compliance. Then I would probably seek to quash that order. The requirement to force the disclosure of the password is that the company show they can not proceed without it, or that the impact with be significant. Since they can bypass your password, this is going to be a very high bar. That whole process will take months to resolve. Either way these are my rights I am exerting and there is no cause to award them fees, as this should have been obtained prior to termination. But that is what I would do I am not providing legal advice for you to follow what could be a very bad example. Should you choose to follow this course you should be aware that many judges are business friendly and may choose not to interpret the law in your favor. This is especially true when you are acting as your own attorney. So no matter how valid your argument and how "right" you are, there is a risk of losing, and in my experience, appellate courts practically ignore pro se pleadings.






            share|improve this answer





























              58












              58








              58







              There are ways for your employer to get access to the computer without your current password. For that reason I would contact the Companies HR or Legal department and advise them that due to the risk of your identity being used you are unwilling to provide provide your password to the company. I would not have any direct contact with your former manager without HR being included.



              Until the court orders you to provide assistance you can choose not to provide the password. However if you choose to force them to go that route you do risk being found liable for other damages and costs as once a company starts down the legal process they are usually more willing to pursue a case in full. If you are not prepared and experienced in dealing with this it can be an expensive learning experience. So read what ever documentation you have and make sure you understand where you stand based on those documents.



              If this legal fight is something you would just prefer to avoid, I would offer to come in and change the password to something that the company defines. I would define the process that you will use to change the password and then log off of the computer and require that someone from HR or the Legal team be there for the entire visit.



              Another option is to ignore the email. Email is not a reliable method of communication. If the message got moved to your junk e-mail, or trash without being read there is no way of telling for either side without investigation.



              Finally, there is no business need demonstrated for the CEO to have your password. Your login can be bypassed through a number of standard methods. The company should have obtained everything it needed prior to dismissing you since there was no misconduct. You are no longer employed there and not subject to their policies that might have required you to provide the password. That should have been obtained prior to your termination, their failure to follow good business practice does not create an obligation for you.



              Your company should have created a separation agreement prior to your termination. It would have protected you both. You from continued harassment and requests, and them from any claims by you to any rights to the contents of your computer files. Since you are no longer bound by company policy you could potentially have rights to privacy for all documents on the computer that were not work product. But you would need to consult an attorney to be sure.



              If I were in your situation and I wanted to resist providing the password, I would make them get a court order requiring my compliance. Then I would probably seek to quash that order. The requirement to force the disclosure of the password is that the company show they can not proceed without it, or that the impact with be significant. Since they can bypass your password, this is going to be a very high bar. That whole process will take months to resolve. Either way these are my rights I am exerting and there is no cause to award them fees, as this should have been obtained prior to termination. But that is what I would do I am not providing legal advice for you to follow what could be a very bad example. Should you choose to follow this course you should be aware that many judges are business friendly and may choose not to interpret the law in your favor. This is especially true when you are acting as your own attorney. So no matter how valid your argument and how "right" you are, there is a risk of losing, and in my experience, appellate courts practically ignore pro se pleadings.






              share|improve this answer















              There are ways for your employer to get access to the computer without your current password. For that reason I would contact the Companies HR or Legal department and advise them that due to the risk of your identity being used you are unwilling to provide provide your password to the company. I would not have any direct contact with your former manager without HR being included.



              Until the court orders you to provide assistance you can choose not to provide the password. However if you choose to force them to go that route you do risk being found liable for other damages and costs as once a company starts down the legal process they are usually more willing to pursue a case in full. If you are not prepared and experienced in dealing with this it can be an expensive learning experience. So read what ever documentation you have and make sure you understand where you stand based on those documents.



              If this legal fight is something you would just prefer to avoid, I would offer to come in and change the password to something that the company defines. I would define the process that you will use to change the password and then log off of the computer and require that someone from HR or the Legal team be there for the entire visit.



              Another option is to ignore the email. Email is not a reliable method of communication. If the message got moved to your junk e-mail, or trash without being read there is no way of telling for either side without investigation.



              Finally, there is no business need demonstrated for the CEO to have your password. Your login can be bypassed through a number of standard methods. The company should have obtained everything it needed prior to dismissing you since there was no misconduct. You are no longer employed there and not subject to their policies that might have required you to provide the password. That should have been obtained prior to your termination, their failure to follow good business practice does not create an obligation for you.



              Your company should have created a separation agreement prior to your termination. It would have protected you both. You from continued harassment and requests, and them from any claims by you to any rights to the contents of your computer files. Since you are no longer bound by company policy you could potentially have rights to privacy for all documents on the computer that were not work product. But you would need to consult an attorney to be sure.



              If I were in your situation and I wanted to resist providing the password, I would make them get a court order requiring my compliance. Then I would probably seek to quash that order. The requirement to force the disclosure of the password is that the company show they can not proceed without it, or that the impact with be significant. Since they can bypass your password, this is going to be a very high bar. That whole process will take months to resolve. Either way these are my rights I am exerting and there is no cause to award them fees, as this should have been obtained prior to termination. But that is what I would do I am not providing legal advice for you to follow what could be a very bad example. Should you choose to follow this course you should be aware that many judges are business friendly and may choose not to interpret the law in your favor. This is especially true when you are acting as your own attorney. So no matter how valid your argument and how "right" you are, there is a risk of losing, and in my experience, appellate courts practically ignore pro se pleadings.







              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited May 12 '14 at 13:58

























              answered Apr 30 '14 at 18:43









              IDrinkandIKnowThingsIDrinkandIKnowThings

              45.4k16 gold badges109 silver badges198 bronze badges




              45.4k16 gold badges109 silver badges198 bronze badges


























                  42














                  You should check all of your employment related documents, including offer letter, employee handbook, and separation documents, for any mention of penalties for failure to comply with company requests regarding accounts and equipment. These documents, if present, should provide you with legal guidance to answer your question of "Do I have to" (which I have taken to mean "Am I legally obligated to").



                  One reason to check your employment-related documents is for clauses you may have glossed right over when signing them, such as "All ideas, concepts, or expressions (copyrightable or not); copyrighted or copyrightable material; trademark; trade secret; works, inventions, discoveries, improvements, or inventions (whether patentable or not) made, devised, or discovered by the Employee are the property of the Company" which typically is interpreted by the company to mean "Anything you think or do, especially on our equipment, belongs to us, so we have the right to get it." Such wording and expectations are especially true in the state or federal government (in the US) jobs, in which computer use and expectations of privacy or lack thereof are explicitly spelled out, as are personal use of computers, period.



                  After checking your documents, you can decide for yourself if any stated penalties are worth not relinquishing your password, or, in the absence of no legal guidance, if your failure to comply with the request is something you want to be remembered for (by people who may be reference checks).



                  The equipment belongs to the company and, in many organizations, anything on the machine also belongs to them (see examples noted above). In the absence of legal guidance in signed documents, your ethics are your own; as a manager (and someone who very much values privacy) I would recommend giving them the password to the machine (or, as Dukeling says in a comment, offering to go in and type it yourself) and learning a hard lesson about keeping personal stuff on company equipment (e.g. don't do it, or if you do, don't have an expectation of privacy) when your employee agreement actually even allows you to do so.






                  share|improve this answer






















                  • 38





                    I agree in principle... but once the company terminated him, he is no longer bound to comply with company policies or any employment agreement as the agreement is only in force as long as the employer agrees to employ the the signatory. Termination breaks the employment agreement and a Seperation agreement would come into play. But it does not sound like the OP got one of those...

                    – IDrinkandIKnowThings
                    Apr 30 '14 at 19:15






                  • 1





                    @Łukasz웃Lツ I am speaking about work product, broadly construed; I have edited my answer.

                    – jcmeloni
                    May 2 '14 at 11:24






                  • 3





                    @Chad, also note that many contracts have a 'survival' clause which indicates parts of the agreement which will still be in affect after the termination of the agreement (often this is used for confidential information, and possibly a non-compete clause). Just because a contract ends does not mean that the obligations under the contract all terminate immediately, which is why it's a good idea to carefully read through the contract you signed when you joined.

                    – jmac
                    May 11 '14 at 23:56






                  • 1





                    @jmac I am not sure why you pointed that at me. But in most of the US a termination prior to the completion of a contract voids the employees obligations. It also does not sound like the OP had a contract. That is quite common in the US for "Permanent" employment positions. Most of those are handled by some sort of employment agreement. Those automatically break at termination of employment even if they claim they survive. That is the reason for a separation agreement. I think this is a good answer because it says check your paperwork. Being aware that they may no longer be valid.

                    – IDrinkandIKnowThings
                    May 12 '14 at 2:48







                  • 2





                    @Chad, only pointed at you because you were the one stating that once employment is terminated, so is any agreement between the employee and employer. While this may the case in the US with a lack of a contract, depending on the country and the presence of a contract, it may be wise to double-check in advance. I think the answer is good, I just wanted to make that clear for future readers.

                    – jmac
                    May 12 '14 at 2:58















                  42














                  You should check all of your employment related documents, including offer letter, employee handbook, and separation documents, for any mention of penalties for failure to comply with company requests regarding accounts and equipment. These documents, if present, should provide you with legal guidance to answer your question of "Do I have to" (which I have taken to mean "Am I legally obligated to").



                  One reason to check your employment-related documents is for clauses you may have glossed right over when signing them, such as "All ideas, concepts, or expressions (copyrightable or not); copyrighted or copyrightable material; trademark; trade secret; works, inventions, discoveries, improvements, or inventions (whether patentable or not) made, devised, or discovered by the Employee are the property of the Company" which typically is interpreted by the company to mean "Anything you think or do, especially on our equipment, belongs to us, so we have the right to get it." Such wording and expectations are especially true in the state or federal government (in the US) jobs, in which computer use and expectations of privacy or lack thereof are explicitly spelled out, as are personal use of computers, period.



                  After checking your documents, you can decide for yourself if any stated penalties are worth not relinquishing your password, or, in the absence of no legal guidance, if your failure to comply with the request is something you want to be remembered for (by people who may be reference checks).



                  The equipment belongs to the company and, in many organizations, anything on the machine also belongs to them (see examples noted above). In the absence of legal guidance in signed documents, your ethics are your own; as a manager (and someone who very much values privacy) I would recommend giving them the password to the machine (or, as Dukeling says in a comment, offering to go in and type it yourself) and learning a hard lesson about keeping personal stuff on company equipment (e.g. don't do it, or if you do, don't have an expectation of privacy) when your employee agreement actually even allows you to do so.






                  share|improve this answer






















                  • 38





                    I agree in principle... but once the company terminated him, he is no longer bound to comply with company policies or any employment agreement as the agreement is only in force as long as the employer agrees to employ the the signatory. Termination breaks the employment agreement and a Seperation agreement would come into play. But it does not sound like the OP got one of those...

                    – IDrinkandIKnowThings
                    Apr 30 '14 at 19:15






                  • 1





                    @Łukasz웃Lツ I am speaking about work product, broadly construed; I have edited my answer.

                    – jcmeloni
                    May 2 '14 at 11:24






                  • 3





                    @Chad, also note that many contracts have a 'survival' clause which indicates parts of the agreement which will still be in affect after the termination of the agreement (often this is used for confidential information, and possibly a non-compete clause). Just because a contract ends does not mean that the obligations under the contract all terminate immediately, which is why it's a good idea to carefully read through the contract you signed when you joined.

                    – jmac
                    May 11 '14 at 23:56






                  • 1





                    @jmac I am not sure why you pointed that at me. But in most of the US a termination prior to the completion of a contract voids the employees obligations. It also does not sound like the OP had a contract. That is quite common in the US for "Permanent" employment positions. Most of those are handled by some sort of employment agreement. Those automatically break at termination of employment even if they claim they survive. That is the reason for a separation agreement. I think this is a good answer because it says check your paperwork. Being aware that they may no longer be valid.

                    – IDrinkandIKnowThings
                    May 12 '14 at 2:48







                  • 2





                    @Chad, only pointed at you because you were the one stating that once employment is terminated, so is any agreement between the employee and employer. While this may the case in the US with a lack of a contract, depending on the country and the presence of a contract, it may be wise to double-check in advance. I think the answer is good, I just wanted to make that clear for future readers.

                    – jmac
                    May 12 '14 at 2:58













                  42












                  42








                  42







                  You should check all of your employment related documents, including offer letter, employee handbook, and separation documents, for any mention of penalties for failure to comply with company requests regarding accounts and equipment. These documents, if present, should provide you with legal guidance to answer your question of "Do I have to" (which I have taken to mean "Am I legally obligated to").



                  One reason to check your employment-related documents is for clauses you may have glossed right over when signing them, such as "All ideas, concepts, or expressions (copyrightable or not); copyrighted or copyrightable material; trademark; trade secret; works, inventions, discoveries, improvements, or inventions (whether patentable or not) made, devised, or discovered by the Employee are the property of the Company" which typically is interpreted by the company to mean "Anything you think or do, especially on our equipment, belongs to us, so we have the right to get it." Such wording and expectations are especially true in the state or federal government (in the US) jobs, in which computer use and expectations of privacy or lack thereof are explicitly spelled out, as are personal use of computers, period.



                  After checking your documents, you can decide for yourself if any stated penalties are worth not relinquishing your password, or, in the absence of no legal guidance, if your failure to comply with the request is something you want to be remembered for (by people who may be reference checks).



                  The equipment belongs to the company and, in many organizations, anything on the machine also belongs to them (see examples noted above). In the absence of legal guidance in signed documents, your ethics are your own; as a manager (and someone who very much values privacy) I would recommend giving them the password to the machine (or, as Dukeling says in a comment, offering to go in and type it yourself) and learning a hard lesson about keeping personal stuff on company equipment (e.g. don't do it, or if you do, don't have an expectation of privacy) when your employee agreement actually even allows you to do so.






                  share|improve this answer















                  You should check all of your employment related documents, including offer letter, employee handbook, and separation documents, for any mention of penalties for failure to comply with company requests regarding accounts and equipment. These documents, if present, should provide you with legal guidance to answer your question of "Do I have to" (which I have taken to mean "Am I legally obligated to").



                  One reason to check your employment-related documents is for clauses you may have glossed right over when signing them, such as "All ideas, concepts, or expressions (copyrightable or not); copyrighted or copyrightable material; trademark; trade secret; works, inventions, discoveries, improvements, or inventions (whether patentable or not) made, devised, or discovered by the Employee are the property of the Company" which typically is interpreted by the company to mean "Anything you think or do, especially on our equipment, belongs to us, so we have the right to get it." Such wording and expectations are especially true in the state or federal government (in the US) jobs, in which computer use and expectations of privacy or lack thereof are explicitly spelled out, as are personal use of computers, period.



                  After checking your documents, you can decide for yourself if any stated penalties are worth not relinquishing your password, or, in the absence of no legal guidance, if your failure to comply with the request is something you want to be remembered for (by people who may be reference checks).



                  The equipment belongs to the company and, in many organizations, anything on the machine also belongs to them (see examples noted above). In the absence of legal guidance in signed documents, your ethics are your own; as a manager (and someone who very much values privacy) I would recommend giving them the password to the machine (or, as Dukeling says in a comment, offering to go in and type it yourself) and learning a hard lesson about keeping personal stuff on company equipment (e.g. don't do it, or if you do, don't have an expectation of privacy) when your employee agreement actually even allows you to do so.







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited May 2 '14 at 18:24

























                  answered Apr 30 '14 at 17:38









                  jcmelonijcmeloni

                  22.2k9 gold badges77 silver badges93 bronze badges




                  22.2k9 gold badges77 silver badges93 bronze badges










                  • 38





                    I agree in principle... but once the company terminated him, he is no longer bound to comply with company policies or any employment agreement as the agreement is only in force as long as the employer agrees to employ the the signatory. Termination breaks the employment agreement and a Seperation agreement would come into play. But it does not sound like the OP got one of those...

                    – IDrinkandIKnowThings
                    Apr 30 '14 at 19:15






                  • 1





                    @Łukasz웃Lツ I am speaking about work product, broadly construed; I have edited my answer.

                    – jcmeloni
                    May 2 '14 at 11:24






                  • 3





                    @Chad, also note that many contracts have a 'survival' clause which indicates parts of the agreement which will still be in affect after the termination of the agreement (often this is used for confidential information, and possibly a non-compete clause). Just because a contract ends does not mean that the obligations under the contract all terminate immediately, which is why it's a good idea to carefully read through the contract you signed when you joined.

                    – jmac
                    May 11 '14 at 23:56






                  • 1





                    @jmac I am not sure why you pointed that at me. But in most of the US a termination prior to the completion of a contract voids the employees obligations. It also does not sound like the OP had a contract. That is quite common in the US for "Permanent" employment positions. Most of those are handled by some sort of employment agreement. Those automatically break at termination of employment even if they claim they survive. That is the reason for a separation agreement. I think this is a good answer because it says check your paperwork. Being aware that they may no longer be valid.

                    – IDrinkandIKnowThings
                    May 12 '14 at 2:48







                  • 2





                    @Chad, only pointed at you because you were the one stating that once employment is terminated, so is any agreement between the employee and employer. While this may the case in the US with a lack of a contract, depending on the country and the presence of a contract, it may be wise to double-check in advance. I think the answer is good, I just wanted to make that clear for future readers.

                    – jmac
                    May 12 '14 at 2:58












                  • 38





                    I agree in principle... but once the company terminated him, he is no longer bound to comply with company policies or any employment agreement as the agreement is only in force as long as the employer agrees to employ the the signatory. Termination breaks the employment agreement and a Seperation agreement would come into play. But it does not sound like the OP got one of those...

                    – IDrinkandIKnowThings
                    Apr 30 '14 at 19:15






                  • 1





                    @Łukasz웃Lツ I am speaking about work product, broadly construed; I have edited my answer.

                    – jcmeloni
                    May 2 '14 at 11:24






                  • 3





                    @Chad, also note that many contracts have a 'survival' clause which indicates parts of the agreement which will still be in affect after the termination of the agreement (often this is used for confidential information, and possibly a non-compete clause). Just because a contract ends does not mean that the obligations under the contract all terminate immediately, which is why it's a good idea to carefully read through the contract you signed when you joined.

                    – jmac
                    May 11 '14 at 23:56






                  • 1





                    @jmac I am not sure why you pointed that at me. But in most of the US a termination prior to the completion of a contract voids the employees obligations. It also does not sound like the OP had a contract. That is quite common in the US for "Permanent" employment positions. Most of those are handled by some sort of employment agreement. Those automatically break at termination of employment even if they claim they survive. That is the reason for a separation agreement. I think this is a good answer because it says check your paperwork. Being aware that they may no longer be valid.

                    – IDrinkandIKnowThings
                    May 12 '14 at 2:48







                  • 2





                    @Chad, only pointed at you because you were the one stating that once employment is terminated, so is any agreement between the employee and employer. While this may the case in the US with a lack of a contract, depending on the country and the presence of a contract, it may be wise to double-check in advance. I think the answer is good, I just wanted to make that clear for future readers.

                    – jmac
                    May 12 '14 at 2:58







                  38




                  38





                  I agree in principle... but once the company terminated him, he is no longer bound to comply with company policies or any employment agreement as the agreement is only in force as long as the employer agrees to employ the the signatory. Termination breaks the employment agreement and a Seperation agreement would come into play. But it does not sound like the OP got one of those...

                  – IDrinkandIKnowThings
                  Apr 30 '14 at 19:15





                  I agree in principle... but once the company terminated him, he is no longer bound to comply with company policies or any employment agreement as the agreement is only in force as long as the employer agrees to employ the the signatory. Termination breaks the employment agreement and a Seperation agreement would come into play. But it does not sound like the OP got one of those...

                  – IDrinkandIKnowThings
                  Apr 30 '14 at 19:15




                  1




                  1





                  @Łukasz웃Lツ I am speaking about work product, broadly construed; I have edited my answer.

                  – jcmeloni
                  May 2 '14 at 11:24





                  @Łukasz웃Lツ I am speaking about work product, broadly construed; I have edited my answer.

                  – jcmeloni
                  May 2 '14 at 11:24




                  3




                  3





                  @Chad, also note that many contracts have a 'survival' clause which indicates parts of the agreement which will still be in affect after the termination of the agreement (often this is used for confidential information, and possibly a non-compete clause). Just because a contract ends does not mean that the obligations under the contract all terminate immediately, which is why it's a good idea to carefully read through the contract you signed when you joined.

                  – jmac
                  May 11 '14 at 23:56





                  @Chad, also note that many contracts have a 'survival' clause which indicates parts of the agreement which will still be in affect after the termination of the agreement (often this is used for confidential information, and possibly a non-compete clause). Just because a contract ends does not mean that the obligations under the contract all terminate immediately, which is why it's a good idea to carefully read through the contract you signed when you joined.

                  – jmac
                  May 11 '14 at 23:56




                  1




                  1





                  @jmac I am not sure why you pointed that at me. But in most of the US a termination prior to the completion of a contract voids the employees obligations. It also does not sound like the OP had a contract. That is quite common in the US for "Permanent" employment positions. Most of those are handled by some sort of employment agreement. Those automatically break at termination of employment even if they claim they survive. That is the reason for a separation agreement. I think this is a good answer because it says check your paperwork. Being aware that they may no longer be valid.

                  – IDrinkandIKnowThings
                  May 12 '14 at 2:48






                  @jmac I am not sure why you pointed that at me. But in most of the US a termination prior to the completion of a contract voids the employees obligations. It also does not sound like the OP had a contract. That is quite common in the US for "Permanent" employment positions. Most of those are handled by some sort of employment agreement. Those automatically break at termination of employment even if they claim they survive. That is the reason for a separation agreement. I think this is a good answer because it says check your paperwork. Being aware that they may no longer be valid.

                  – IDrinkandIKnowThings
                  May 12 '14 at 2:48





                  2




                  2





                  @Chad, only pointed at you because you were the one stating that once employment is terminated, so is any agreement between the employee and employer. While this may the case in the US with a lack of a contract, depending on the country and the presence of a contract, it may be wise to double-check in advance. I think the answer is good, I just wanted to make that clear for future readers.

                  – jmac
                  May 12 '14 at 2:58





                  @Chad, only pointed at you because you were the one stating that once employment is terminated, so is any agreement between the employee and employer. While this may the case in the US with a lack of a contract, depending on the country and the presence of a contract, it may be wise to double-check in advance. I think the answer is good, I just wanted to make that clear for future readers.

                  – jmac
                  May 12 '14 at 2:58











                  38














                  No, don't hand over your password, as a matter of personal security.



                  Others here have mentioned that your former employer owns your former work computer and the data on it. This is probably the case. If you have personal stuff on there, you were probably misusing the company resources.



                  However, all of that is entirely separate to your password. This is personal information that should be treated as confidential: you have no obligation to hand it over, ever. Your company is not entitled to know your password. None of their ownership over the data, hardware or software entitles them to know this. They are entitled to know and store a hashed version of your password (this is what lets you log in), but they are not entitled to know your password in plain text.



                  They should not need this information under any circumstance.



                  Speaking as someone in IT, if they have half-decent IT resources, they'll be able to reset your account password to something that'll let them gain access, which means they get what they want, and you keep your password private. Or, they'll be able to access your personal files anyway via an administrator's account, and will not require your password to do it. If there's full-disk encryption via BitLocker or some other product, and it's part of company protocol, they should have a plan for how to access your data without needing your information (speaking as someone who works for a company which uses full-disk encryption).



                  If they need your password for anything, it's because they bungled up their IT strategies somewhere, and that's their problem to deal with.



                  Of course, if you encrypted your work stuff outside of protocol (using TrueCrypt or etc) and it's the password for that stuff which they're asking for, then you probably do have at least an ethical responsibility to go in there and provide them with the work they paid you for. Meaning: go in there, decrypt it yourself, and take out the work stuff to give to them. Still don't give them your password.



                  If you're obligated, find another means.



                  I'll maintain that you should absolutely not hand over your password. You should definitely not respond to their email with it, even if you can tell it's authentic (it might not be).



                  Check your company's materials they gave you. If you have any obligations around this, offer an alternate arrangement, such as returning to the company to change your password. If you don't have obligations, decline their request. As I said, their IT folks should be able to handle this without your help.



                  Be willing to burn your bridges here.



                  Others have mentioned they may give you a poor reference if you don't want to comply. It's not worth sacrificing your personal security and confidentiality for the hope of a good reference, though. Further, you have no guarantee they'll give you a good reference if you do comply, but in return you'll be sabotaging yourself so they can get something they want which they shouldn't need. Given how they reacted to your leaving and how they've treated you previously, it doesn't seem you're going to get a good reference anyway.






                  share|improve this answer



























                  • It's also interesting to consider the hypothetical situation where the questioner has used full disk encryption (e.g. TrueCrypt) such that the password really is the only way to recover any information from the computer (perhaps including the questioner's work in progress prior to resignation). This removes the "they don't need the password" leg of the argument, and serves as an extreme case of the question whether a weak IT policy truly removes in law all obligations on the former employee, as you state: "they bungled up their IT strategies somewhere, and that's their problem to deal with".

                    – Steve Jessop
                    May 1 '14 at 8:41







                  • 1





                    @SteveJessop Good call, and that could either fall under the asker's responsibility or them bungling their strategies, depending on whether it was by protocol or not. I've added that information to my answer.

                    – doppelgreener
                    May 1 '14 at 8:57






                  • 1





                    @SteveJessop - There are other options besides providing them with the password even in this case. We do not have enough information to be sure but I would bet that even in the event that the OP used true crypt that a good lawyer could prevail in an argument against having to turn over the password unless there was a separation agreement signed. HR processes exist for a reason beyond filling a desk chair. They protect the company in situations like this. It appears the company failed to follow good business practices with regards to this.

                    – IDrinkandIKnowThings
                    May 1 '14 at 13:56






                  • 3





                    My sentiments exactly. If they can't get at the files without the password their IT policies are a joke. And for God's sake, change all your other passwords anyway!

                    – Tonny
                    May 1 '14 at 20:56






                  • 1





                    I asked this question about using Full Disk Encryption, and recovering in case something like this happens. For those curious, it's a good read

                    – Canadian Luke
                    May 2 '14 at 17:25















                  38














                  No, don't hand over your password, as a matter of personal security.



                  Others here have mentioned that your former employer owns your former work computer and the data on it. This is probably the case. If you have personal stuff on there, you were probably misusing the company resources.



                  However, all of that is entirely separate to your password. This is personal information that should be treated as confidential: you have no obligation to hand it over, ever. Your company is not entitled to know your password. None of their ownership over the data, hardware or software entitles them to know this. They are entitled to know and store a hashed version of your password (this is what lets you log in), but they are not entitled to know your password in plain text.



                  They should not need this information under any circumstance.



                  Speaking as someone in IT, if they have half-decent IT resources, they'll be able to reset your account password to something that'll let them gain access, which means they get what they want, and you keep your password private. Or, they'll be able to access your personal files anyway via an administrator's account, and will not require your password to do it. If there's full-disk encryption via BitLocker or some other product, and it's part of company protocol, they should have a plan for how to access your data without needing your information (speaking as someone who works for a company which uses full-disk encryption).



                  If they need your password for anything, it's because they bungled up their IT strategies somewhere, and that's their problem to deal with.



                  Of course, if you encrypted your work stuff outside of protocol (using TrueCrypt or etc) and it's the password for that stuff which they're asking for, then you probably do have at least an ethical responsibility to go in there and provide them with the work they paid you for. Meaning: go in there, decrypt it yourself, and take out the work stuff to give to them. Still don't give them your password.



                  If you're obligated, find another means.



                  I'll maintain that you should absolutely not hand over your password. You should definitely not respond to their email with it, even if you can tell it's authentic (it might not be).



                  Check your company's materials they gave you. If you have any obligations around this, offer an alternate arrangement, such as returning to the company to change your password. If you don't have obligations, decline their request. As I said, their IT folks should be able to handle this without your help.



                  Be willing to burn your bridges here.



                  Others have mentioned they may give you a poor reference if you don't want to comply. It's not worth sacrificing your personal security and confidentiality for the hope of a good reference, though. Further, you have no guarantee they'll give you a good reference if you do comply, but in return you'll be sabotaging yourself so they can get something they want which they shouldn't need. Given how they reacted to your leaving and how they've treated you previously, it doesn't seem you're going to get a good reference anyway.






                  share|improve this answer



























                  • It's also interesting to consider the hypothetical situation where the questioner has used full disk encryption (e.g. TrueCrypt) such that the password really is the only way to recover any information from the computer (perhaps including the questioner's work in progress prior to resignation). This removes the "they don't need the password" leg of the argument, and serves as an extreme case of the question whether a weak IT policy truly removes in law all obligations on the former employee, as you state: "they bungled up their IT strategies somewhere, and that's their problem to deal with".

                    – Steve Jessop
                    May 1 '14 at 8:41







                  • 1





                    @SteveJessop Good call, and that could either fall under the asker's responsibility or them bungling their strategies, depending on whether it was by protocol or not. I've added that information to my answer.

                    – doppelgreener
                    May 1 '14 at 8:57






                  • 1





                    @SteveJessop - There are other options besides providing them with the password even in this case. We do not have enough information to be sure but I would bet that even in the event that the OP used true crypt that a good lawyer could prevail in an argument against having to turn over the password unless there was a separation agreement signed. HR processes exist for a reason beyond filling a desk chair. They protect the company in situations like this. It appears the company failed to follow good business practices with regards to this.

                    – IDrinkandIKnowThings
                    May 1 '14 at 13:56






                  • 3





                    My sentiments exactly. If they can't get at the files without the password their IT policies are a joke. And for God's sake, change all your other passwords anyway!

                    – Tonny
                    May 1 '14 at 20:56






                  • 1





                    I asked this question about using Full Disk Encryption, and recovering in case something like this happens. For those curious, it's a good read

                    – Canadian Luke
                    May 2 '14 at 17:25













                  38












                  38








                  38







                  No, don't hand over your password, as a matter of personal security.



                  Others here have mentioned that your former employer owns your former work computer and the data on it. This is probably the case. If you have personal stuff on there, you were probably misusing the company resources.



                  However, all of that is entirely separate to your password. This is personal information that should be treated as confidential: you have no obligation to hand it over, ever. Your company is not entitled to know your password. None of their ownership over the data, hardware or software entitles them to know this. They are entitled to know and store a hashed version of your password (this is what lets you log in), but they are not entitled to know your password in plain text.



                  They should not need this information under any circumstance.



                  Speaking as someone in IT, if they have half-decent IT resources, they'll be able to reset your account password to something that'll let them gain access, which means they get what they want, and you keep your password private. Or, they'll be able to access your personal files anyway via an administrator's account, and will not require your password to do it. If there's full-disk encryption via BitLocker or some other product, and it's part of company protocol, they should have a plan for how to access your data without needing your information (speaking as someone who works for a company which uses full-disk encryption).



                  If they need your password for anything, it's because they bungled up their IT strategies somewhere, and that's their problem to deal with.



                  Of course, if you encrypted your work stuff outside of protocol (using TrueCrypt or etc) and it's the password for that stuff which they're asking for, then you probably do have at least an ethical responsibility to go in there and provide them with the work they paid you for. Meaning: go in there, decrypt it yourself, and take out the work stuff to give to them. Still don't give them your password.



                  If you're obligated, find another means.



                  I'll maintain that you should absolutely not hand over your password. You should definitely not respond to their email with it, even if you can tell it's authentic (it might not be).



                  Check your company's materials they gave you. If you have any obligations around this, offer an alternate arrangement, such as returning to the company to change your password. If you don't have obligations, decline their request. As I said, their IT folks should be able to handle this without your help.



                  Be willing to burn your bridges here.



                  Others have mentioned they may give you a poor reference if you don't want to comply. It's not worth sacrificing your personal security and confidentiality for the hope of a good reference, though. Further, you have no guarantee they'll give you a good reference if you do comply, but in return you'll be sabotaging yourself so they can get something they want which they shouldn't need. Given how they reacted to your leaving and how they've treated you previously, it doesn't seem you're going to get a good reference anyway.






                  share|improve this answer















                  No, don't hand over your password, as a matter of personal security.



                  Others here have mentioned that your former employer owns your former work computer and the data on it. This is probably the case. If you have personal stuff on there, you were probably misusing the company resources.



                  However, all of that is entirely separate to your password. This is personal information that should be treated as confidential: you have no obligation to hand it over, ever. Your company is not entitled to know your password. None of their ownership over the data, hardware or software entitles them to know this. They are entitled to know and store a hashed version of your password (this is what lets you log in), but they are not entitled to know your password in plain text.



                  They should not need this information under any circumstance.



                  Speaking as someone in IT, if they have half-decent IT resources, they'll be able to reset your account password to something that'll let them gain access, which means they get what they want, and you keep your password private. Or, they'll be able to access your personal files anyway via an administrator's account, and will not require your password to do it. If there's full-disk encryption via BitLocker or some other product, and it's part of company protocol, they should have a plan for how to access your data without needing your information (speaking as someone who works for a company which uses full-disk encryption).



                  If they need your password for anything, it's because they bungled up their IT strategies somewhere, and that's their problem to deal with.



                  Of course, if you encrypted your work stuff outside of protocol (using TrueCrypt or etc) and it's the password for that stuff which they're asking for, then you probably do have at least an ethical responsibility to go in there and provide them with the work they paid you for. Meaning: go in there, decrypt it yourself, and take out the work stuff to give to them. Still don't give them your password.



                  If you're obligated, find another means.



                  I'll maintain that you should absolutely not hand over your password. You should definitely not respond to their email with it, even if you can tell it's authentic (it might not be).



                  Check your company's materials they gave you. If you have any obligations around this, offer an alternate arrangement, such as returning to the company to change your password. If you don't have obligations, decline their request. As I said, their IT folks should be able to handle this without your help.



                  Be willing to burn your bridges here.



                  Others have mentioned they may give you a poor reference if you don't want to comply. It's not worth sacrificing your personal security and confidentiality for the hope of a good reference, though. Further, you have no guarantee they'll give you a good reference if you do comply, but in return you'll be sabotaging yourself so they can get something they want which they shouldn't need. Given how they reacted to your leaving and how they've treated you previously, it doesn't seem you're going to get a good reference anyway.







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Apr 13 '17 at 12:48









                  Community

                  1




                  1










                  answered May 1 '14 at 3:05









                  doppelgreenerdoppelgreener

                  1,23713 silver badges19 bronze badges




                  1,23713 silver badges19 bronze badges















                  • It's also interesting to consider the hypothetical situation where the questioner has used full disk encryption (e.g. TrueCrypt) such that the password really is the only way to recover any information from the computer (perhaps including the questioner's work in progress prior to resignation). This removes the "they don't need the password" leg of the argument, and serves as an extreme case of the question whether a weak IT policy truly removes in law all obligations on the former employee, as you state: "they bungled up their IT strategies somewhere, and that's their problem to deal with".

                    – Steve Jessop
                    May 1 '14 at 8:41







                  • 1





                    @SteveJessop Good call, and that could either fall under the asker's responsibility or them bungling their strategies, depending on whether it was by protocol or not. I've added that information to my answer.

                    – doppelgreener
                    May 1 '14 at 8:57






                  • 1





                    @SteveJessop - There are other options besides providing them with the password even in this case. We do not have enough information to be sure but I would bet that even in the event that the OP used true crypt that a good lawyer could prevail in an argument against having to turn over the password unless there was a separation agreement signed. HR processes exist for a reason beyond filling a desk chair. They protect the company in situations like this. It appears the company failed to follow good business practices with regards to this.

                    – IDrinkandIKnowThings
                    May 1 '14 at 13:56






                  • 3





                    My sentiments exactly. If they can't get at the files without the password their IT policies are a joke. And for God's sake, change all your other passwords anyway!

                    – Tonny
                    May 1 '14 at 20:56






                  • 1





                    I asked this question about using Full Disk Encryption, and recovering in case something like this happens. For those curious, it's a good read

                    – Canadian Luke
                    May 2 '14 at 17:25

















                  • It's also interesting to consider the hypothetical situation where the questioner has used full disk encryption (e.g. TrueCrypt) such that the password really is the only way to recover any information from the computer (perhaps including the questioner's work in progress prior to resignation). This removes the "they don't need the password" leg of the argument, and serves as an extreme case of the question whether a weak IT policy truly removes in law all obligations on the former employee, as you state: "they bungled up their IT strategies somewhere, and that's their problem to deal with".

                    – Steve Jessop
                    May 1 '14 at 8:41







                  • 1





                    @SteveJessop Good call, and that could either fall under the asker's responsibility or them bungling their strategies, depending on whether it was by protocol or not. I've added that information to my answer.

                    – doppelgreener
                    May 1 '14 at 8:57






                  • 1





                    @SteveJessop - There are other options besides providing them with the password even in this case. We do not have enough information to be sure but I would bet that even in the event that the OP used true crypt that a good lawyer could prevail in an argument against having to turn over the password unless there was a separation agreement signed. HR processes exist for a reason beyond filling a desk chair. They protect the company in situations like this. It appears the company failed to follow good business practices with regards to this.

                    – IDrinkandIKnowThings
                    May 1 '14 at 13:56






                  • 3





                    My sentiments exactly. If they can't get at the files without the password their IT policies are a joke. And for God's sake, change all your other passwords anyway!

                    – Tonny
                    May 1 '14 at 20:56






                  • 1





                    I asked this question about using Full Disk Encryption, and recovering in case something like this happens. For those curious, it's a good read

                    – Canadian Luke
                    May 2 '14 at 17:25
















                  It's also interesting to consider the hypothetical situation where the questioner has used full disk encryption (e.g. TrueCrypt) such that the password really is the only way to recover any information from the computer (perhaps including the questioner's work in progress prior to resignation). This removes the "they don't need the password" leg of the argument, and serves as an extreme case of the question whether a weak IT policy truly removes in law all obligations on the former employee, as you state: "they bungled up their IT strategies somewhere, and that's their problem to deal with".

                  – Steve Jessop
                  May 1 '14 at 8:41






                  It's also interesting to consider the hypothetical situation where the questioner has used full disk encryption (e.g. TrueCrypt) such that the password really is the only way to recover any information from the computer (perhaps including the questioner's work in progress prior to resignation). This removes the "they don't need the password" leg of the argument, and serves as an extreme case of the question whether a weak IT policy truly removes in law all obligations on the former employee, as you state: "they bungled up their IT strategies somewhere, and that's their problem to deal with".

                  – Steve Jessop
                  May 1 '14 at 8:41





                  1




                  1





                  @SteveJessop Good call, and that could either fall under the asker's responsibility or them bungling their strategies, depending on whether it was by protocol or not. I've added that information to my answer.

                  – doppelgreener
                  May 1 '14 at 8:57





                  @SteveJessop Good call, and that could either fall under the asker's responsibility or them bungling their strategies, depending on whether it was by protocol or not. I've added that information to my answer.

                  – doppelgreener
                  May 1 '14 at 8:57




                  1




                  1





                  @SteveJessop - There are other options besides providing them with the password even in this case. We do not have enough information to be sure but I would bet that even in the event that the OP used true crypt that a good lawyer could prevail in an argument against having to turn over the password unless there was a separation agreement signed. HR processes exist for a reason beyond filling a desk chair. They protect the company in situations like this. It appears the company failed to follow good business practices with regards to this.

                  – IDrinkandIKnowThings
                  May 1 '14 at 13:56





                  @SteveJessop - There are other options besides providing them with the password even in this case. We do not have enough information to be sure but I would bet that even in the event that the OP used true crypt that a good lawyer could prevail in an argument against having to turn over the password unless there was a separation agreement signed. HR processes exist for a reason beyond filling a desk chair. They protect the company in situations like this. It appears the company failed to follow good business practices with regards to this.

                  – IDrinkandIKnowThings
                  May 1 '14 at 13:56




                  3




                  3





                  My sentiments exactly. If they can't get at the files without the password their IT policies are a joke. And for God's sake, change all your other passwords anyway!

                  – Tonny
                  May 1 '14 at 20:56





                  My sentiments exactly. If they can't get at the files without the password their IT policies are a joke. And for God's sake, change all your other passwords anyway!

                  – Tonny
                  May 1 '14 at 20:56




                  1




                  1





                  I asked this question about using Full Disk Encryption, and recovering in case something like this happens. For those curious, it's a good read

                  – Canadian Luke
                  May 2 '14 at 17:25





                  I asked this question about using Full Disk Encryption, and recovering in case something like this happens. For those curious, it's a good read

                  – Canadian Luke
                  May 2 '14 at 17:25











                  19














                  Given that, in this situation, you haven't left on good terms, simply ignore this request - don't respond to the email asking for the password.



                  This bridge is already burnt, and there's nothing to be gained by complying with them, while there are potential losses. You've already left the job, there's no need to engage with them further.



                  For the future, as a matter of general practise, don't reuse your personal passwords at work, and clear your personal data down before you leave.






                  share|improve this answer




















                  • 1





                    This answer does not appear to add anything that is not already covered more thoroughly in previous answers

                    – IDrinkandIKnowThings
                    May 1 '14 at 3:06






                  • 1





                    @Chad - It more explictly says 'Ignore the request'.

                    – geekrunner
                    May 1 '14 at 23:16















                  19














                  Given that, in this situation, you haven't left on good terms, simply ignore this request - don't respond to the email asking for the password.



                  This bridge is already burnt, and there's nothing to be gained by complying with them, while there are potential losses. You've already left the job, there's no need to engage with them further.



                  For the future, as a matter of general practise, don't reuse your personal passwords at work, and clear your personal data down before you leave.






                  share|improve this answer




















                  • 1





                    This answer does not appear to add anything that is not already covered more thoroughly in previous answers

                    – IDrinkandIKnowThings
                    May 1 '14 at 3:06






                  • 1





                    @Chad - It more explictly says 'Ignore the request'.

                    – geekrunner
                    May 1 '14 at 23:16













                  19












                  19








                  19







                  Given that, in this situation, you haven't left on good terms, simply ignore this request - don't respond to the email asking for the password.



                  This bridge is already burnt, and there's nothing to be gained by complying with them, while there are potential losses. You've already left the job, there's no need to engage with them further.



                  For the future, as a matter of general practise, don't reuse your personal passwords at work, and clear your personal data down before you leave.






                  share|improve this answer













                  Given that, in this situation, you haven't left on good terms, simply ignore this request - don't respond to the email asking for the password.



                  This bridge is already burnt, and there's nothing to be gained by complying with them, while there are potential losses. You've already left the job, there's no need to engage with them further.



                  For the future, as a matter of general practise, don't reuse your personal passwords at work, and clear your personal data down before you leave.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered May 1 '14 at 2:56









                  geekrunnergeekrunner

                  1,5212 gold badges10 silver badges24 bronze badges




                  1,5212 gold badges10 silver badges24 bronze badges










                  • 1





                    This answer does not appear to add anything that is not already covered more thoroughly in previous answers

                    – IDrinkandIKnowThings
                    May 1 '14 at 3:06






                  • 1





                    @Chad - It more explictly says 'Ignore the request'.

                    – geekrunner
                    May 1 '14 at 23:16












                  • 1





                    This answer does not appear to add anything that is not already covered more thoroughly in previous answers

                    – IDrinkandIKnowThings
                    May 1 '14 at 3:06






                  • 1





                    @Chad - It more explictly says 'Ignore the request'.

                    – geekrunner
                    May 1 '14 at 23:16







                  1




                  1





                  This answer does not appear to add anything that is not already covered more thoroughly in previous answers

                  – IDrinkandIKnowThings
                  May 1 '14 at 3:06





                  This answer does not appear to add anything that is not already covered more thoroughly in previous answers

                  – IDrinkandIKnowThings
                  May 1 '14 at 3:06




                  1




                  1





                  @Chad - It more explictly says 'Ignore the request'.

                  – geekrunner
                  May 1 '14 at 23:16





                  @Chad - It more explictly says 'Ignore the request'.

                  – geekrunner
                  May 1 '14 at 23:16











                  12














                  I think the tricky gotcha here is that they told you to leave, so to me that implies at that moment you were no longer an employee and they can't demand anything more of you. If they wanted the password, they should have taken your offer of a two week notice and had you create a document for that type of information. But, local laws on this may say something different. Had they not told you to immediately leave, I think it would be well within their right to demand the password since you are an employee using their computer. Or, at the very least, they would be within their right to have you hand over a password to the machine after you changed it to a different one.



                  And in the future, always, always, always clean your machine before giving notice!!!! In fact, clean your machine if you have even a hint that something may be changing. And it goes without saying, never use personal passwords on company machines.






                  share|improve this answer




















                  • 4





                    NEVER keep personal information on a work machine. Never bring anything in to the office that you aren't willing to lose. Use something like TeamViewer or LogMeIn to access your data on your machine at your home. You never have to worry about "cleaning" the machine if it was never "dirty" to begin with.

                    – Wesley Long
                    May 2 '14 at 14:13











                  • I agree with Wesley's suggestion. Also, I don't agree with "cleaning your machine" before giving notice... that sounds like a terrible idea. For instance, you probably are still required to work for some notice period... what are you going to do in that scenario?

                    – bharal
                    May 2 '14 at 18:19












                  • @bharal I meant clean your machine of personal information and files (and things like browser history), not of business related information. That's what the question was about, after all - personal information and personal passwords.

                    – GrandmasterB
                    May 2 '14 at 18:53
















                  12














                  I think the tricky gotcha here is that they told you to leave, so to me that implies at that moment you were no longer an employee and they can't demand anything more of you. If they wanted the password, they should have taken your offer of a two week notice and had you create a document for that type of information. But, local laws on this may say something different. Had they not told you to immediately leave, I think it would be well within their right to demand the password since you are an employee using their computer. Or, at the very least, they would be within their right to have you hand over a password to the machine after you changed it to a different one.



                  And in the future, always, always, always clean your machine before giving notice!!!! In fact, clean your machine if you have even a hint that something may be changing. And it goes without saying, never use personal passwords on company machines.






                  share|improve this answer




















                  • 4





                    NEVER keep personal information on a work machine. Never bring anything in to the office that you aren't willing to lose. Use something like TeamViewer or LogMeIn to access your data on your machine at your home. You never have to worry about "cleaning" the machine if it was never "dirty" to begin with.

                    – Wesley Long
                    May 2 '14 at 14:13











                  • I agree with Wesley's suggestion. Also, I don't agree with "cleaning your machine" before giving notice... that sounds like a terrible idea. For instance, you probably are still required to work for some notice period... what are you going to do in that scenario?

                    – bharal
                    May 2 '14 at 18:19












                  • @bharal I meant clean your machine of personal information and files (and things like browser history), not of business related information. That's what the question was about, after all - personal information and personal passwords.

                    – GrandmasterB
                    May 2 '14 at 18:53














                  12












                  12








                  12







                  I think the tricky gotcha here is that they told you to leave, so to me that implies at that moment you were no longer an employee and they can't demand anything more of you. If they wanted the password, they should have taken your offer of a two week notice and had you create a document for that type of information. But, local laws on this may say something different. Had they not told you to immediately leave, I think it would be well within their right to demand the password since you are an employee using their computer. Or, at the very least, they would be within their right to have you hand over a password to the machine after you changed it to a different one.



                  And in the future, always, always, always clean your machine before giving notice!!!! In fact, clean your machine if you have even a hint that something may be changing. And it goes without saying, never use personal passwords on company machines.






                  share|improve this answer













                  I think the tricky gotcha here is that they told you to leave, so to me that implies at that moment you were no longer an employee and they can't demand anything more of you. If they wanted the password, they should have taken your offer of a two week notice and had you create a document for that type of information. But, local laws on this may say something different. Had they not told you to immediately leave, I think it would be well within their right to demand the password since you are an employee using their computer. Or, at the very least, they would be within their right to have you hand over a password to the machine after you changed it to a different one.



                  And in the future, always, always, always clean your machine before giving notice!!!! In fact, clean your machine if you have even a hint that something may be changing. And it goes without saying, never use personal passwords on company machines.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Apr 30 '14 at 21:19









                  GrandmasterBGrandmasterB

                  3,7652 gold badges17 silver badges18 bronze badges




                  3,7652 gold badges17 silver badges18 bronze badges










                  • 4





                    NEVER keep personal information on a work machine. Never bring anything in to the office that you aren't willing to lose. Use something like TeamViewer or LogMeIn to access your data on your machine at your home. You never have to worry about "cleaning" the machine if it was never "dirty" to begin with.

                    – Wesley Long
                    May 2 '14 at 14:13











                  • I agree with Wesley's suggestion. Also, I don't agree with "cleaning your machine" before giving notice... that sounds like a terrible idea. For instance, you probably are still required to work for some notice period... what are you going to do in that scenario?

                    – bharal
                    May 2 '14 at 18:19












                  • @bharal I meant clean your machine of personal information and files (and things like browser history), not of business related information. That's what the question was about, after all - personal information and personal passwords.

                    – GrandmasterB
                    May 2 '14 at 18:53













                  • 4





                    NEVER keep personal information on a work machine. Never bring anything in to the office that you aren't willing to lose. Use something like TeamViewer or LogMeIn to access your data on your machine at your home. You never have to worry about "cleaning" the machine if it was never "dirty" to begin with.

                    – Wesley Long
                    May 2 '14 at 14:13











                  • I agree with Wesley's suggestion. Also, I don't agree with "cleaning your machine" before giving notice... that sounds like a terrible idea. For instance, you probably are still required to work for some notice period... what are you going to do in that scenario?

                    – bharal
                    May 2 '14 at 18:19












                  • @bharal I meant clean your machine of personal information and files (and things like browser history), not of business related information. That's what the question was about, after all - personal information and personal passwords.

                    – GrandmasterB
                    May 2 '14 at 18:53








                  4




                  4





                  NEVER keep personal information on a work machine. Never bring anything in to the office that you aren't willing to lose. Use something like TeamViewer or LogMeIn to access your data on your machine at your home. You never have to worry about "cleaning" the machine if it was never "dirty" to begin with.

                  – Wesley Long
                  May 2 '14 at 14:13





                  NEVER keep personal information on a work machine. Never bring anything in to the office that you aren't willing to lose. Use something like TeamViewer or LogMeIn to access your data on your machine at your home. You never have to worry about "cleaning" the machine if it was never "dirty" to begin with.

                  – Wesley Long
                  May 2 '14 at 14:13













                  I agree with Wesley's suggestion. Also, I don't agree with "cleaning your machine" before giving notice... that sounds like a terrible idea. For instance, you probably are still required to work for some notice period... what are you going to do in that scenario?

                  – bharal
                  May 2 '14 at 18:19






                  I agree with Wesley's suggestion. Also, I don't agree with "cleaning your machine" before giving notice... that sounds like a terrible idea. For instance, you probably are still required to work for some notice period... what are you going to do in that scenario?

                  – bharal
                  May 2 '14 at 18:19














                  @bharal I meant clean your machine of personal information and files (and things like browser history), not of business related information. That's what the question was about, after all - personal information and personal passwords.

                  – GrandmasterB
                  May 2 '14 at 18:53






                  @bharal I meant clean your machine of personal information and files (and things like browser history), not of business related information. That's what the question was about, after all - personal information and personal passwords.

                  – GrandmasterB
                  May 2 '14 at 18:53












                  4














                  You are not an employee any more. This person is not your boss any more. At the point when they told you to leave the building and not come back, they more or less gave up the right to tell you to do anything else ever again. If they want to read any data on the computer you used while you were an employee, they can do that without your password, unless the data is encrypted. If the data is not encrypted, nothing related to your former employment causes them to need your password so they surely have no more right to demand passwords from you than they do from any other non-employee. Me, for example.






                  share|improve this answer




















                  • 2





                    "They more or less gave up the right to tell you to do anything else ever again" - that's not necessarily true. For one thing, the contract you signed when you started could give them rights here. And what if the data is encrypted, or if they simply don't have the technical knowledge to access the data without your password (which would then require paying for technical services to get access to the data)? Then they can probably make a legal case against you if you don't assist them.

                    – Dukeling
                    May 1 '14 at 14:20











                  • @Dukeling I specifically said I was only dealing with the case where the data isn't encrypted. They don't need any technical knowledge to log in as an administrator and read the files.

                    – David Richerby
                    May 1 '14 at 14:24






                  • 1





                    OP may have the admin (/ only) account on the machine, so 'logging in as administrator' isn't necessarily easy / possible.

                    – Dukeling
                    May 1 '14 at 14:28












                  • @Dukeling: Long ago, i had a bootable CD specifically made to reset the administrator password on NT-based Windows machines (NT4, 2000, and XP anyway. Haven't tried it since then). Anyone who's used to having to work with someone else's machine should have one as well. And if the computer is on a domain (which ought to always be the case in a business), even that isn't necessary -- a domain admin would be able to change the password virtually at will, or log in on their own account without having to care about the local admin password.

                    – cHao
                    May 3 '14 at 17:23







                  • 1





                    @Dukeling: If we go with that assumption, the employer can't afford their own dickishness. :P Two weeks' notice is for the company's benefit far more than the employee's -- most people leaving a company would rather leave right away. He offered them the time to help them transition from having him there to not. Instead, they kicked him out of the building. They don't get to change their minds later and expect the help they rejected already. Or rather, the OP doesn't have to give it to them.

                    – cHao
                    May 3 '14 at 22:44
















                  4














                  You are not an employee any more. This person is not your boss any more. At the point when they told you to leave the building and not come back, they more or less gave up the right to tell you to do anything else ever again. If they want to read any data on the computer you used while you were an employee, they can do that without your password, unless the data is encrypted. If the data is not encrypted, nothing related to your former employment causes them to need your password so they surely have no more right to demand passwords from you than they do from any other non-employee. Me, for example.






                  share|improve this answer




















                  • 2





                    "They more or less gave up the right to tell you to do anything else ever again" - that's not necessarily true. For one thing, the contract you signed when you started could give them rights here. And what if the data is encrypted, or if they simply don't have the technical knowledge to access the data without your password (which would then require paying for technical services to get access to the data)? Then they can probably make a legal case against you if you don't assist them.

                    – Dukeling
                    May 1 '14 at 14:20











                  • @Dukeling I specifically said I was only dealing with the case where the data isn't encrypted. They don't need any technical knowledge to log in as an administrator and read the files.

                    – David Richerby
                    May 1 '14 at 14:24






                  • 1





                    OP may have the admin (/ only) account on the machine, so 'logging in as administrator' isn't necessarily easy / possible.

                    – Dukeling
                    May 1 '14 at 14:28












                  • @Dukeling: Long ago, i had a bootable CD specifically made to reset the administrator password on NT-based Windows machines (NT4, 2000, and XP anyway. Haven't tried it since then). Anyone who's used to having to work with someone else's machine should have one as well. And if the computer is on a domain (which ought to always be the case in a business), even that isn't necessary -- a domain admin would be able to change the password virtually at will, or log in on their own account without having to care about the local admin password.

                    – cHao
                    May 3 '14 at 17:23







                  • 1





                    @Dukeling: If we go with that assumption, the employer can't afford their own dickishness. :P Two weeks' notice is for the company's benefit far more than the employee's -- most people leaving a company would rather leave right away. He offered them the time to help them transition from having him there to not. Instead, they kicked him out of the building. They don't get to change their minds later and expect the help they rejected already. Or rather, the OP doesn't have to give it to them.

                    – cHao
                    May 3 '14 at 22:44














                  4












                  4








                  4







                  You are not an employee any more. This person is not your boss any more. At the point when they told you to leave the building and not come back, they more or less gave up the right to tell you to do anything else ever again. If they want to read any data on the computer you used while you were an employee, they can do that without your password, unless the data is encrypted. If the data is not encrypted, nothing related to your former employment causes them to need your password so they surely have no more right to demand passwords from you than they do from any other non-employee. Me, for example.






                  share|improve this answer













                  You are not an employee any more. This person is not your boss any more. At the point when they told you to leave the building and not come back, they more or less gave up the right to tell you to do anything else ever again. If they want to read any data on the computer you used while you were an employee, they can do that without your password, unless the data is encrypted. If the data is not encrypted, nothing related to your former employment causes them to need your password so they surely have no more right to demand passwords from you than they do from any other non-employee. Me, for example.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered May 1 '14 at 13:53









                  David RicherbyDavid Richerby

                  1,74912 silver badges22 bronze badges




                  1,74912 silver badges22 bronze badges










                  • 2





                    "They more or less gave up the right to tell you to do anything else ever again" - that's not necessarily true. For one thing, the contract you signed when you started could give them rights here. And what if the data is encrypted, or if they simply don't have the technical knowledge to access the data without your password (which would then require paying for technical services to get access to the data)? Then they can probably make a legal case against you if you don't assist them.

                    – Dukeling
                    May 1 '14 at 14:20











                  • @Dukeling I specifically said I was only dealing with the case where the data isn't encrypted. They don't need any technical knowledge to log in as an administrator and read the files.

                    – David Richerby
                    May 1 '14 at 14:24






                  • 1





                    OP may have the admin (/ only) account on the machine, so 'logging in as administrator' isn't necessarily easy / possible.

                    – Dukeling
                    May 1 '14 at 14:28












                  • @Dukeling: Long ago, i had a bootable CD specifically made to reset the administrator password on NT-based Windows machines (NT4, 2000, and XP anyway. Haven't tried it since then). Anyone who's used to having to work with someone else's machine should have one as well. And if the computer is on a domain (which ought to always be the case in a business), even that isn't necessary -- a domain admin would be able to change the password virtually at will, or log in on their own account without having to care about the local admin password.

                    – cHao
                    May 3 '14 at 17:23







                  • 1





                    @Dukeling: If we go with that assumption, the employer can't afford their own dickishness. :P Two weeks' notice is for the company's benefit far more than the employee's -- most people leaving a company would rather leave right away. He offered them the time to help them transition from having him there to not. Instead, they kicked him out of the building. They don't get to change their minds later and expect the help they rejected already. Or rather, the OP doesn't have to give it to them.

                    – cHao
                    May 3 '14 at 22:44













                  • 2





                    "They more or less gave up the right to tell you to do anything else ever again" - that's not necessarily true. For one thing, the contract you signed when you started could give them rights here. And what if the data is encrypted, or if they simply don't have the technical knowledge to access the data without your password (which would then require paying for technical services to get access to the data)? Then they can probably make a legal case against you if you don't assist them.

                    – Dukeling
                    May 1 '14 at 14:20











                  • @Dukeling I specifically said I was only dealing with the case where the data isn't encrypted. They don't need any technical knowledge to log in as an administrator and read the files.

                    – David Richerby
                    May 1 '14 at 14:24






                  • 1





                    OP may have the admin (/ only) account on the machine, so 'logging in as administrator' isn't necessarily easy / possible.

                    – Dukeling
                    May 1 '14 at 14:28












                  • @Dukeling: Long ago, i had a bootable CD specifically made to reset the administrator password on NT-based Windows machines (NT4, 2000, and XP anyway. Haven't tried it since then). Anyone who's used to having to work with someone else's machine should have one as well. And if the computer is on a domain (which ought to always be the case in a business), even that isn't necessary -- a domain admin would be able to change the password virtually at will, or log in on their own account without having to care about the local admin password.

                    – cHao
                    May 3 '14 at 17:23







                  • 1





                    @Dukeling: If we go with that assumption, the employer can't afford their own dickishness. :P Two weeks' notice is for the company's benefit far more than the employee's -- most people leaving a company would rather leave right away. He offered them the time to help them transition from having him there to not. Instead, they kicked him out of the building. They don't get to change their minds later and expect the help they rejected already. Or rather, the OP doesn't have to give it to them.

                    – cHao
                    May 3 '14 at 22:44








                  2




                  2





                  "They more or less gave up the right to tell you to do anything else ever again" - that's not necessarily true. For one thing, the contract you signed when you started could give them rights here. And what if the data is encrypted, or if they simply don't have the technical knowledge to access the data without your password (which would then require paying for technical services to get access to the data)? Then they can probably make a legal case against you if you don't assist them.

                  – Dukeling
                  May 1 '14 at 14:20





                  "They more or less gave up the right to tell you to do anything else ever again" - that's not necessarily true. For one thing, the contract you signed when you started could give them rights here. And what if the data is encrypted, or if they simply don't have the technical knowledge to access the data without your password (which would then require paying for technical services to get access to the data)? Then they can probably make a legal case against you if you don't assist them.

                  – Dukeling
                  May 1 '14 at 14:20













                  @Dukeling I specifically said I was only dealing with the case where the data isn't encrypted. They don't need any technical knowledge to log in as an administrator and read the files.

                  – David Richerby
                  May 1 '14 at 14:24





                  @Dukeling I specifically said I was only dealing with the case where the data isn't encrypted. They don't need any technical knowledge to log in as an administrator and read the files.

                  – David Richerby
                  May 1 '14 at 14:24




                  1




                  1





                  OP may have the admin (/ only) account on the machine, so 'logging in as administrator' isn't necessarily easy / possible.

                  – Dukeling
                  May 1 '14 at 14:28






                  OP may have the admin (/ only) account on the machine, so 'logging in as administrator' isn't necessarily easy / possible.

                  – Dukeling
                  May 1 '14 at 14:28














                  @Dukeling: Long ago, i had a bootable CD specifically made to reset the administrator password on NT-based Windows machines (NT4, 2000, and XP anyway. Haven't tried it since then). Anyone who's used to having to work with someone else's machine should have one as well. And if the computer is on a domain (which ought to always be the case in a business), even that isn't necessary -- a domain admin would be able to change the password virtually at will, or log in on their own account without having to care about the local admin password.

                  – cHao
                  May 3 '14 at 17:23






                  @Dukeling: Long ago, i had a bootable CD specifically made to reset the administrator password on NT-based Windows machines (NT4, 2000, and XP anyway. Haven't tried it since then). Anyone who's used to having to work with someone else's machine should have one as well. And if the computer is on a domain (which ought to always be the case in a business), even that isn't necessary -- a domain admin would be able to change the password virtually at will, or log in on their own account without having to care about the local admin password.

                  – cHao
                  May 3 '14 at 17:23





                  1




                  1





                  @Dukeling: If we go with that assumption, the employer can't afford their own dickishness. :P Two weeks' notice is for the company's benefit far more than the employee's -- most people leaving a company would rather leave right away. He offered them the time to help them transition from having him there to not. Instead, they kicked him out of the building. They don't get to change their minds later and expect the help they rejected already. Or rather, the OP doesn't have to give it to them.

                  – cHao
                  May 3 '14 at 22:44






                  @Dukeling: If we go with that assumption, the employer can't afford their own dickishness. :P Two weeks' notice is for the company's benefit far more than the employee's -- most people leaving a company would rather leave right away. He offered them the time to help them transition from having him there to not. Instead, they kicked him out of the building. They don't get to change their minds later and expect the help they rejected already. Or rather, the OP doesn't have to give it to them.

                  – cHao
                  May 3 '14 at 22:44












                  3














                  Most companies (including the one I work for) specifically state in their policies that any network, computer or device that you connect to the network can be legally searched without your consent.



                  Here's an excerpt from my company's manual (we're required to agree before we begin working):




                  Use of company technology, networks, and Internet services does not
                  create any expectation of privacy. [The Company] reserves the right to
                  search and/or monitor any information created, accessed, sent,
                  received, and/or stored in any format by any Company employee on
                  Company equipment or any equipment connected to [The Company's] network.




                  Now, I'm not a lawyer, and the laws in your country may differ from others, but generally speaking, if a company owns a device, they are legally allowed to monitor or search whatever their employees are doing on said device.



                  Furthermore, many company policies also state that personal use of computers or networks is prohibited, so it may actually be possible that you keeping personal information on the computers is a violation of company policy in and of itself, but that's besides the point:



                  If you refuse to surrender your password, they may just say "oh well", format the PC, and you'll never hear from them again.



                  On the other hand, they could possibly take legal action against you, since you've locked up information that they have legally stated is theirs and not given them the key.



                  I would advise you to give them the password or seek legal counsel if you feel that you have other options.






                  share|improve this answer




















                  • 2





                    Moses, I'm pretty sure we all know your employer's policies on monitoring activities at work. :)

                    – Trevor
                    Apr 30 '14 at 21:31






                  • 8





                    Unless the OP encrypted the data, its not locked up and any decent IT staff can pretty trivially access it without a password.

                    – Andy
                    Apr 30 '14 at 22:56











                  • @Andy That's true, but knowing from past experience, companies can still press charges despite that. I worked for a company where this exact situation happened, and they outsourced the password removal to a very expensive third party, and pressed charges for it all.

                    – user12985
                    May 1 '14 at 13:13











                  • @Andy But I'm well aware the password removal would take 10 minutes and a free boot tool :)

                    – user12985
                    May 1 '14 at 14:55






                  • 2





                    @Moses not if they need certificates stored in MS windows stores for example. There's a fair amount of things that might be encrypted by your password (a key derived from it rather) and you might not realize it.

                    – DRF
                    Jun 8 '17 at 20:05















                  3














                  Most companies (including the one I work for) specifically state in their policies that any network, computer or device that you connect to the network can be legally searched without your consent.



                  Here's an excerpt from my company's manual (we're required to agree before we begin working):




                  Use of company technology, networks, and Internet services does not
                  create any expectation of privacy. [The Company] reserves the right to
                  search and/or monitor any information created, accessed, sent,
                  received, and/or stored in any format by any Company employee on
                  Company equipment or any equipment connected to [The Company's] network.




                  Now, I'm not a lawyer, and the laws in your country may differ from others, but generally speaking, if a company owns a device, they are legally allowed to monitor or search whatever their employees are doing on said device.



                  Furthermore, many company policies also state that personal use of computers or networks is prohibited, so it may actually be possible that you keeping personal information on the computers is a violation of company policy in and of itself, but that's besides the point:



                  If you refuse to surrender your password, they may just say "oh well", format the PC, and you'll never hear from them again.



                  On the other hand, they could possibly take legal action against you, since you've locked up information that they have legally stated is theirs and not given them the key.



                  I would advise you to give them the password or seek legal counsel if you feel that you have other options.






                  share|improve this answer




















                  • 2





                    Moses, I'm pretty sure we all know your employer's policies on monitoring activities at work. :)

                    – Trevor
                    Apr 30 '14 at 21:31






                  • 8





                    Unless the OP encrypted the data, its not locked up and any decent IT staff can pretty trivially access it without a password.

                    – Andy
                    Apr 30 '14 at 22:56











                  • @Andy That's true, but knowing from past experience, companies can still press charges despite that. I worked for a company where this exact situation happened, and they outsourced the password removal to a very expensive third party, and pressed charges for it all.

                    – user12985
                    May 1 '14 at 13:13











                  • @Andy But I'm well aware the password removal would take 10 minutes and a free boot tool :)

                    – user12985
                    May 1 '14 at 14:55






                  • 2





                    @Moses not if they need certificates stored in MS windows stores for example. There's a fair amount of things that might be encrypted by your password (a key derived from it rather) and you might not realize it.

                    – DRF
                    Jun 8 '17 at 20:05













                  3












                  3








                  3







                  Most companies (including the one I work for) specifically state in their policies that any network, computer or device that you connect to the network can be legally searched without your consent.



                  Here's an excerpt from my company's manual (we're required to agree before we begin working):




                  Use of company technology, networks, and Internet services does not
                  create any expectation of privacy. [The Company] reserves the right to
                  search and/or monitor any information created, accessed, sent,
                  received, and/or stored in any format by any Company employee on
                  Company equipment or any equipment connected to [The Company's] network.




                  Now, I'm not a lawyer, and the laws in your country may differ from others, but generally speaking, if a company owns a device, they are legally allowed to monitor or search whatever their employees are doing on said device.



                  Furthermore, many company policies also state that personal use of computers or networks is prohibited, so it may actually be possible that you keeping personal information on the computers is a violation of company policy in and of itself, but that's besides the point:



                  If you refuse to surrender your password, they may just say "oh well", format the PC, and you'll never hear from them again.



                  On the other hand, they could possibly take legal action against you, since you've locked up information that they have legally stated is theirs and not given them the key.



                  I would advise you to give them the password or seek legal counsel if you feel that you have other options.






                  share|improve this answer













                  Most companies (including the one I work for) specifically state in their policies that any network, computer or device that you connect to the network can be legally searched without your consent.



                  Here's an excerpt from my company's manual (we're required to agree before we begin working):




                  Use of company technology, networks, and Internet services does not
                  create any expectation of privacy. [The Company] reserves the right to
                  search and/or monitor any information created, accessed, sent,
                  received, and/or stored in any format by any Company employee on
                  Company equipment or any equipment connected to [The Company's] network.




                  Now, I'm not a lawyer, and the laws in your country may differ from others, but generally speaking, if a company owns a device, they are legally allowed to monitor or search whatever their employees are doing on said device.



                  Furthermore, many company policies also state that personal use of computers or networks is prohibited, so it may actually be possible that you keeping personal information on the computers is a violation of company policy in and of itself, but that's besides the point:



                  If you refuse to surrender your password, they may just say "oh well", format the PC, and you'll never hear from them again.



                  On the other hand, they could possibly take legal action against you, since you've locked up information that they have legally stated is theirs and not given them the key.



                  I would advise you to give them the password or seek legal counsel if you feel that you have other options.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Apr 30 '14 at 18:05







                  user12985

















                  • 2





                    Moses, I'm pretty sure we all know your employer's policies on monitoring activities at work. :)

                    – Trevor
                    Apr 30 '14 at 21:31






                  • 8





                    Unless the OP encrypted the data, its not locked up and any decent IT staff can pretty trivially access it without a password.

                    – Andy
                    Apr 30 '14 at 22:56











                  • @Andy That's true, but knowing from past experience, companies can still press charges despite that. I worked for a company where this exact situation happened, and they outsourced the password removal to a very expensive third party, and pressed charges for it all.

                    – user12985
                    May 1 '14 at 13:13











                  • @Andy But I'm well aware the password removal would take 10 minutes and a free boot tool :)

                    – user12985
                    May 1 '14 at 14:55






                  • 2





                    @Moses not if they need certificates stored in MS windows stores for example. There's a fair amount of things that might be encrypted by your password (a key derived from it rather) and you might not realize it.

                    – DRF
                    Jun 8 '17 at 20:05












                  • 2





                    Moses, I'm pretty sure we all know your employer's policies on monitoring activities at work. :)

                    – Trevor
                    Apr 30 '14 at 21:31






                  • 8





                    Unless the OP encrypted the data, its not locked up and any decent IT staff can pretty trivially access it without a password.

                    – Andy
                    Apr 30 '14 at 22:56











                  • @Andy That's true, but knowing from past experience, companies can still press charges despite that. I worked for a company where this exact situation happened, and they outsourced the password removal to a very expensive third party, and pressed charges for it all.

                    – user12985
                    May 1 '14 at 13:13











                  • @Andy But I'm well aware the password removal would take 10 minutes and a free boot tool :)

                    – user12985
                    May 1 '14 at 14:55






                  • 2





                    @Moses not if they need certificates stored in MS windows stores for example. There's a fair amount of things that might be encrypted by your password (a key derived from it rather) and you might not realize it.

                    – DRF
                    Jun 8 '17 at 20:05







                  2




                  2





                  Moses, I'm pretty sure we all know your employer's policies on monitoring activities at work. :)

                  – Trevor
                  Apr 30 '14 at 21:31





                  Moses, I'm pretty sure we all know your employer's policies on monitoring activities at work. :)

                  – Trevor
                  Apr 30 '14 at 21:31




                  8




                  8





                  Unless the OP encrypted the data, its not locked up and any decent IT staff can pretty trivially access it without a password.

                  – Andy
                  Apr 30 '14 at 22:56





                  Unless the OP encrypted the data, its not locked up and any decent IT staff can pretty trivially access it without a password.

                  – Andy
                  Apr 30 '14 at 22:56













                  @Andy That's true, but knowing from past experience, companies can still press charges despite that. I worked for a company where this exact situation happened, and they outsourced the password removal to a very expensive third party, and pressed charges for it all.

                  – user12985
                  May 1 '14 at 13:13





                  @Andy That's true, but knowing from past experience, companies can still press charges despite that. I worked for a company where this exact situation happened, and they outsourced the password removal to a very expensive third party, and pressed charges for it all.

                  – user12985
                  May 1 '14 at 13:13













                  @Andy But I'm well aware the password removal would take 10 minutes and a free boot tool :)

                  – user12985
                  May 1 '14 at 14:55





                  @Andy But I'm well aware the password removal would take 10 minutes and a free boot tool :)

                  – user12985
                  May 1 '14 at 14:55




                  2




                  2





                  @Moses not if they need certificates stored in MS windows stores for example. There's a fair amount of things that might be encrypted by your password (a key derived from it rather) and you might not realize it.

                  – DRF
                  Jun 8 '17 at 20:05





                  @Moses not if they need certificates stored in MS windows stores for example. There's a fair amount of things that might be encrypted by your password (a key derived from it rather) and you might not realize it.

                  – DRF
                  Jun 8 '17 at 20:05











                  2














                  In any responsible company regardless of size, there will be a checklist for the manager to go through with departing workers, or whomever is responsible that day, if manager is absent. They'll get your badge or key card or company ID, that sort of thing. Sometimes it is done by Human Resources. At that time, while you were still on the premises, they should have asked for your password.



                  Of course, as everyone else said, the IT department should be able to reset the password, or get access to your former computer, easily!



                  It is very peculiar for your former employer to contact you by personal email, (several days? weeks?) later, after telling you to leave immediately after giving notice. Are you certain that the email you received is truly from your former manager, not spoofed or forged?



                  I would NOT disclose the password by return email, under those conditions. That is possibly worse than not responding at all. Even thought your accounts should have been terminated, you can't be certain, as you aren't an employee anymore. Given that you use the same password everywhere, you should be even more leery of sending it by email. I wouldn't reply, but rather wait and see if your former boss telephones you with the same password request.






                  share|improve this answer































                    2














                    In any responsible company regardless of size, there will be a checklist for the manager to go through with departing workers, or whomever is responsible that day, if manager is absent. They'll get your badge or key card or company ID, that sort of thing. Sometimes it is done by Human Resources. At that time, while you were still on the premises, they should have asked for your password.



                    Of course, as everyone else said, the IT department should be able to reset the password, or get access to your former computer, easily!



                    It is very peculiar for your former employer to contact you by personal email, (several days? weeks?) later, after telling you to leave immediately after giving notice. Are you certain that the email you received is truly from your former manager, not spoofed or forged?



                    I would NOT disclose the password by return email, under those conditions. That is possibly worse than not responding at all. Even thought your accounts should have been terminated, you can't be certain, as you aren't an employee anymore. Given that you use the same password everywhere, you should be even more leery of sending it by email. I wouldn't reply, but rather wait and see if your former boss telephones you with the same password request.






                    share|improve this answer





























                      2












                      2








                      2







                      In any responsible company regardless of size, there will be a checklist for the manager to go through with departing workers, or whomever is responsible that day, if manager is absent. They'll get your badge or key card or company ID, that sort of thing. Sometimes it is done by Human Resources. At that time, while you were still on the premises, they should have asked for your password.



                      Of course, as everyone else said, the IT department should be able to reset the password, or get access to your former computer, easily!



                      It is very peculiar for your former employer to contact you by personal email, (several days? weeks?) later, after telling you to leave immediately after giving notice. Are you certain that the email you received is truly from your former manager, not spoofed or forged?



                      I would NOT disclose the password by return email, under those conditions. That is possibly worse than not responding at all. Even thought your accounts should have been terminated, you can't be certain, as you aren't an employee anymore. Given that you use the same password everywhere, you should be even more leery of sending it by email. I wouldn't reply, but rather wait and see if your former boss telephones you with the same password request.






                      share|improve this answer















                      In any responsible company regardless of size, there will be a checklist for the manager to go through with departing workers, or whomever is responsible that day, if manager is absent. They'll get your badge or key card or company ID, that sort of thing. Sometimes it is done by Human Resources. At that time, while you were still on the premises, they should have asked for your password.



                      Of course, as everyone else said, the IT department should be able to reset the password, or get access to your former computer, easily!



                      It is very peculiar for your former employer to contact you by personal email, (several days? weeks?) later, after telling you to leave immediately after giving notice. Are you certain that the email you received is truly from your former manager, not spoofed or forged?



                      I would NOT disclose the password by return email, under those conditions. That is possibly worse than not responding at all. Even thought your accounts should have been terminated, you can't be certain, as you aren't an employee anymore. Given that you use the same password everywhere, you should be even more leery of sending it by email. I wouldn't reply, but rather wait and see if your former boss telephones you with the same password request.







                      share|improve this answer














                      share|improve this answer



                      share|improve this answer








                      edited May 2 '14 at 17:35









                      IDrinkandIKnowThings

                      45.4k16 gold badges109 silver badges198 bronze badges




                      45.4k16 gold badges109 silver badges198 bronze badges










                      answered May 1 '14 at 1:35









                      Ellie KesselmanEllie Kesselman

                      3526 silver badges16 bronze badges




                      3526 silver badges16 bronze badges
























                          0














                          There is no obligation of an employee to give any sort of password information to a company that is for a personal machine.



                          I know that a person should not use the same work and personal passwords but it happens and thus a company has no rights to this.



                          How do I know? I used to run the IT department for a very large international company. We had many users who left without giving us their password. There is nothing legally we could do and trust me if there was my company would certainly follow through on those people. Even people who would not divulge passwords to shared machines/servers/routers/switches, there was basically nothing we could do.



                          So the easiest way out of this... give them a password, but not yours.



                          Now I get them asking if it is a smaller company that has little IT help (or bad IT help). It saves them time and maybe $50. But they should either have an administrator account on every machine that they control or they should have the ability to change your password via Active Directory.



                          What would I do to get your password? I would run rainbow tables against Windows and have it in 5-10 minutes if that. I then would have your exact password. Reason why I mention that is to alert people that if they want their password to remain a secret they should rename it (I suggest 3 times) before handing their equipment over.






                          share|improve this answer





























                            0














                            There is no obligation of an employee to give any sort of password information to a company that is for a personal machine.



                            I know that a person should not use the same work and personal passwords but it happens and thus a company has no rights to this.



                            How do I know? I used to run the IT department for a very large international company. We had many users who left without giving us their password. There is nothing legally we could do and trust me if there was my company would certainly follow through on those people. Even people who would not divulge passwords to shared machines/servers/routers/switches, there was basically nothing we could do.



                            So the easiest way out of this... give them a password, but not yours.



                            Now I get them asking if it is a smaller company that has little IT help (or bad IT help). It saves them time and maybe $50. But they should either have an administrator account on every machine that they control or they should have the ability to change your password via Active Directory.



                            What would I do to get your password? I would run rainbow tables against Windows and have it in 5-10 minutes if that. I then would have your exact password. Reason why I mention that is to alert people that if they want their password to remain a secret they should rename it (I suggest 3 times) before handing their equipment over.






                            share|improve this answer



























                              0












                              0








                              0







                              There is no obligation of an employee to give any sort of password information to a company that is for a personal machine.



                              I know that a person should not use the same work and personal passwords but it happens and thus a company has no rights to this.



                              How do I know? I used to run the IT department for a very large international company. We had many users who left without giving us their password. There is nothing legally we could do and trust me if there was my company would certainly follow through on those people. Even people who would not divulge passwords to shared machines/servers/routers/switches, there was basically nothing we could do.



                              So the easiest way out of this... give them a password, but not yours.



                              Now I get them asking if it is a smaller company that has little IT help (or bad IT help). It saves them time and maybe $50. But they should either have an administrator account on every machine that they control or they should have the ability to change your password via Active Directory.



                              What would I do to get your password? I would run rainbow tables against Windows and have it in 5-10 minutes if that. I then would have your exact password. Reason why I mention that is to alert people that if they want their password to remain a secret they should rename it (I suggest 3 times) before handing their equipment over.






                              share|improve this answer













                              There is no obligation of an employee to give any sort of password information to a company that is for a personal machine.



                              I know that a person should not use the same work and personal passwords but it happens and thus a company has no rights to this.



                              How do I know? I used to run the IT department for a very large international company. We had many users who left without giving us their password. There is nothing legally we could do and trust me if there was my company would certainly follow through on those people. Even people who would not divulge passwords to shared machines/servers/routers/switches, there was basically nothing we could do.



                              So the easiest way out of this... give them a password, but not yours.



                              Now I get them asking if it is a smaller company that has little IT help (or bad IT help). It saves them time and maybe $50. But they should either have an administrator account on every machine that they control or they should have the ability to change your password via Active Directory.



                              What would I do to get your password? I would run rainbow tables against Windows and have it in 5-10 minutes if that. I then would have your exact password. Reason why I mention that is to alert people that if they want their password to remain a secret they should rename it (I suggest 3 times) before handing their equipment over.







                              share|improve this answer












                              share|improve this answer



                              share|improve this answer










                              answered May 1 '14 at 12:21









                              blankipblankip

                              20.5k7 gold badges50 silver badges82 bronze badges




                              20.5k7 gold badges50 silver badges82 bronze badges
























                                  -1














                                  Let's make one assumption here to begin: that there is no arrangement between you and your (former) employer in regards to this situation. Note that I am not referring to a manual excerpt such as what Moses posted - such an excerpt enables the company to monitor and access that information, but does not require you to relinquish passwords.



                                  Remember that passwords = authentication. When you authenticate with a username + password, the username just defines who you are, while the password proves you are who you say you are. If anyone else can prove that, they are functionally you for every location that you chose to use that password. (try telling a boss that you didn't access [random site] when a server log says that your account did)



                                  That being said, I'd approach this pragmatically, and reply with the assumption that your former boss is looking to get into the account that you formerly used; it doesn't matter why, but if you approach it from that angle, there is a lot that you can provide without actually giving your password:



                                  • If you know that the computer had a separate administrator account, you could instruct him/her on logging into that account, changing your account's password to something else, then logging into your former account that way.


                                  • If the hard drive was not encrypted, you could instruct them on reading the contents of the drive by using a USB-to-SATA adapter.


                                  • You can provide brief instruction on how to reset a forgotten administrator password, which isn't as hard as it sounds.


                                  • If it isn't a major hassle for you, and both parties are willing, you could also offer to stop in over the next couple days, where you would login and change the password to a generic one. You may also be able to use this time to get off any documents you (and the company) consider to be personal to you.


                                  Any of these can also be accomplished with a referral to instructions found off of a Google search, and each accomplishes what your former boss is likely looking to accomplish, without actually relenquishing your password.






                                  share|improve this answer





























                                    -1














                                    Let's make one assumption here to begin: that there is no arrangement between you and your (former) employer in regards to this situation. Note that I am not referring to a manual excerpt such as what Moses posted - such an excerpt enables the company to monitor and access that information, but does not require you to relinquish passwords.



                                    Remember that passwords = authentication. When you authenticate with a username + password, the username just defines who you are, while the password proves you are who you say you are. If anyone else can prove that, they are functionally you for every location that you chose to use that password. (try telling a boss that you didn't access [random site] when a server log says that your account did)



                                    That being said, I'd approach this pragmatically, and reply with the assumption that your former boss is looking to get into the account that you formerly used; it doesn't matter why, but if you approach it from that angle, there is a lot that you can provide without actually giving your password:



                                    • If you know that the computer had a separate administrator account, you could instruct him/her on logging into that account, changing your account's password to something else, then logging into your former account that way.


                                    • If the hard drive was not encrypted, you could instruct them on reading the contents of the drive by using a USB-to-SATA adapter.


                                    • You can provide brief instruction on how to reset a forgotten administrator password, which isn't as hard as it sounds.


                                    • If it isn't a major hassle for you, and both parties are willing, you could also offer to stop in over the next couple days, where you would login and change the password to a generic one. You may also be able to use this time to get off any documents you (and the company) consider to be personal to you.


                                    Any of these can also be accomplished with a referral to instructions found off of a Google search, and each accomplishes what your former boss is likely looking to accomplish, without actually relenquishing your password.






                                    share|improve this answer



























                                      -1












                                      -1








                                      -1







                                      Let's make one assumption here to begin: that there is no arrangement between you and your (former) employer in regards to this situation. Note that I am not referring to a manual excerpt such as what Moses posted - such an excerpt enables the company to monitor and access that information, but does not require you to relinquish passwords.



                                      Remember that passwords = authentication. When you authenticate with a username + password, the username just defines who you are, while the password proves you are who you say you are. If anyone else can prove that, they are functionally you for every location that you chose to use that password. (try telling a boss that you didn't access [random site] when a server log says that your account did)



                                      That being said, I'd approach this pragmatically, and reply with the assumption that your former boss is looking to get into the account that you formerly used; it doesn't matter why, but if you approach it from that angle, there is a lot that you can provide without actually giving your password:



                                      • If you know that the computer had a separate administrator account, you could instruct him/her on logging into that account, changing your account's password to something else, then logging into your former account that way.


                                      • If the hard drive was not encrypted, you could instruct them on reading the contents of the drive by using a USB-to-SATA adapter.


                                      • You can provide brief instruction on how to reset a forgotten administrator password, which isn't as hard as it sounds.


                                      • If it isn't a major hassle for you, and both parties are willing, you could also offer to stop in over the next couple days, where you would login and change the password to a generic one. You may also be able to use this time to get off any documents you (and the company) consider to be personal to you.


                                      Any of these can also be accomplished with a referral to instructions found off of a Google search, and each accomplishes what your former boss is likely looking to accomplish, without actually relenquishing your password.






                                      share|improve this answer













                                      Let's make one assumption here to begin: that there is no arrangement between you and your (former) employer in regards to this situation. Note that I am not referring to a manual excerpt such as what Moses posted - such an excerpt enables the company to monitor and access that information, but does not require you to relinquish passwords.



                                      Remember that passwords = authentication. When you authenticate with a username + password, the username just defines who you are, while the password proves you are who you say you are. If anyone else can prove that, they are functionally you for every location that you chose to use that password. (try telling a boss that you didn't access [random site] when a server log says that your account did)



                                      That being said, I'd approach this pragmatically, and reply with the assumption that your former boss is looking to get into the account that you formerly used; it doesn't matter why, but if you approach it from that angle, there is a lot that you can provide without actually giving your password:



                                      • If you know that the computer had a separate administrator account, you could instruct him/her on logging into that account, changing your account's password to something else, then logging into your former account that way.


                                      • If the hard drive was not encrypted, you could instruct them on reading the contents of the drive by using a USB-to-SATA adapter.


                                      • You can provide brief instruction on how to reset a forgotten administrator password, which isn't as hard as it sounds.


                                      • If it isn't a major hassle for you, and both parties are willing, you could also offer to stop in over the next couple days, where you would login and change the password to a generic one. You may also be able to use this time to get off any documents you (and the company) consider to be personal to you.


                                      Any of these can also be accomplished with a referral to instructions found off of a Google search, and each accomplishes what your former boss is likely looking to accomplish, without actually relenquishing your password.







                                      share|improve this answer












                                      share|improve this answer



                                      share|improve this answer










                                      answered Apr 30 '14 at 20:15









                                      bradleyjxbradleyjx

                                      91 bronze badge




                                      91 bronze badge
























                                          -1














                                          Asking for your work password doesn't sound that unusual of a request. If it was a work computer, you shouldn't have had anything too personal on there you wouldn't want your employer to have access to. However, does seem like a bit of a security risk divulging your password if you use it elsewhere.



                                          If I were in your situation, what I would do is act ignorant. Tell them you don't remember the password. If you can't remember the password, then there's little you can do, and unless they can prove you do remember the password (which they can't), then they are fresh out of luck.



                                          While I doubt it would happen, giving them your computer password means they could easily open a web browser and access any website you might have logged into previously and selected, "remember me". If you use the same password for your email, Facebook or Twitter (amongst others) they can log in to those. Chances are they won't, but it is a possibility. It depends on who will be logging onto the computer and what their intentions are.



                                          All that said; please know that this would be considered profoundly immoral to withhold a password intentionally. The employer probably has justified reasons like wanting to make sure you saved all appropriate files to a server they can access. Just because it might be something I would do, doesn't mean you should heed my advice and do it too.






                                          share|improve this answer






















                                          • 2





                                            Hopefully others will take note of the change and reverse their votes as well as I think this is now a solid answer.

                                            – IDrinkandIKnowThings
                                            May 2 '14 at 3:00











                                          • There are things I completely disagree, such as that it's not an unusual request. But the suggestion that you can always 'forget' your passoword (or say you've got it in your wallet because your memory is not so good for password, and you've thrown the sheet away) is valuable.

                                            – user1023
                                            May 2 '14 at 8:58















                                          -1














                                          Asking for your work password doesn't sound that unusual of a request. If it was a work computer, you shouldn't have had anything too personal on there you wouldn't want your employer to have access to. However, does seem like a bit of a security risk divulging your password if you use it elsewhere.



                                          If I were in your situation, what I would do is act ignorant. Tell them you don't remember the password. If you can't remember the password, then there's little you can do, and unless they can prove you do remember the password (which they can't), then they are fresh out of luck.



                                          While I doubt it would happen, giving them your computer password means they could easily open a web browser and access any website you might have logged into previously and selected, "remember me". If you use the same password for your email, Facebook or Twitter (amongst others) they can log in to those. Chances are they won't, but it is a possibility. It depends on who will be logging onto the computer and what their intentions are.



                                          All that said; please know that this would be considered profoundly immoral to withhold a password intentionally. The employer probably has justified reasons like wanting to make sure you saved all appropriate files to a server they can access. Just because it might be something I would do, doesn't mean you should heed my advice and do it too.






                                          share|improve this answer






















                                          • 2





                                            Hopefully others will take note of the change and reverse their votes as well as I think this is now a solid answer.

                                            – IDrinkandIKnowThings
                                            May 2 '14 at 3:00











                                          • There are things I completely disagree, such as that it's not an unusual request. But the suggestion that you can always 'forget' your passoword (or say you've got it in your wallet because your memory is not so good for password, and you've thrown the sheet away) is valuable.

                                            – user1023
                                            May 2 '14 at 8:58













                                          -1












                                          -1








                                          -1







                                          Asking for your work password doesn't sound that unusual of a request. If it was a work computer, you shouldn't have had anything too personal on there you wouldn't want your employer to have access to. However, does seem like a bit of a security risk divulging your password if you use it elsewhere.



                                          If I were in your situation, what I would do is act ignorant. Tell them you don't remember the password. If you can't remember the password, then there's little you can do, and unless they can prove you do remember the password (which they can't), then they are fresh out of luck.



                                          While I doubt it would happen, giving them your computer password means they could easily open a web browser and access any website you might have logged into previously and selected, "remember me". If you use the same password for your email, Facebook or Twitter (amongst others) they can log in to those. Chances are they won't, but it is a possibility. It depends on who will be logging onto the computer and what their intentions are.



                                          All that said; please know that this would be considered profoundly immoral to withhold a password intentionally. The employer probably has justified reasons like wanting to make sure you saved all appropriate files to a server they can access. Just because it might be something I would do, doesn't mean you should heed my advice and do it too.






                                          share|improve this answer















                                          Asking for your work password doesn't sound that unusual of a request. If it was a work computer, you shouldn't have had anything too personal on there you wouldn't want your employer to have access to. However, does seem like a bit of a security risk divulging your password if you use it elsewhere.



                                          If I were in your situation, what I would do is act ignorant. Tell them you don't remember the password. If you can't remember the password, then there's little you can do, and unless they can prove you do remember the password (which they can't), then they are fresh out of luck.



                                          While I doubt it would happen, giving them your computer password means they could easily open a web browser and access any website you might have logged into previously and selected, "remember me". If you use the same password for your email, Facebook or Twitter (amongst others) they can log in to those. Chances are they won't, but it is a possibility. It depends on who will be logging onto the computer and what their intentions are.



                                          All that said; please know that this would be considered profoundly immoral to withhold a password intentionally. The employer probably has justified reasons like wanting to make sure you saved all appropriate files to a server they can access. Just because it might be something I would do, doesn't mean you should heed my advice and do it too.







                                          share|improve this answer














                                          share|improve this answer



                                          share|improve this answer








                                          edited 2 hours ago

























                                          answered May 1 '14 at 4:21









                                          Dwayne CharringtonDwayne Charrington

                                          4352 silver badges7 bronze badges




                                          4352 silver badges7 bronze badges










                                          • 2





                                            Hopefully others will take note of the change and reverse their votes as well as I think this is now a solid answer.

                                            – IDrinkandIKnowThings
                                            May 2 '14 at 3:00











                                          • There are things I completely disagree, such as that it's not an unusual request. But the suggestion that you can always 'forget' your passoword (or say you've got it in your wallet because your memory is not so good for password, and you've thrown the sheet away) is valuable.

                                            – user1023
                                            May 2 '14 at 8:58












                                          • 2





                                            Hopefully others will take note of the change and reverse their votes as well as I think this is now a solid answer.

                                            – IDrinkandIKnowThings
                                            May 2 '14 at 3:00











                                          • There are things I completely disagree, such as that it's not an unusual request. But the suggestion that you can always 'forget' your passoword (or say you've got it in your wallet because your memory is not so good for password, and you've thrown the sheet away) is valuable.

                                            – user1023
                                            May 2 '14 at 8:58







                                          2




                                          2





                                          Hopefully others will take note of the change and reverse their votes as well as I think this is now a solid answer.

                                          – IDrinkandIKnowThings
                                          May 2 '14 at 3:00





                                          Hopefully others will take note of the change and reverse their votes as well as I think this is now a solid answer.

                                          – IDrinkandIKnowThings
                                          May 2 '14 at 3:00













                                          There are things I completely disagree, such as that it's not an unusual request. But the suggestion that you can always 'forget' your passoword (or say you've got it in your wallet because your memory is not so good for password, and you've thrown the sheet away) is valuable.

                                          – user1023
                                          May 2 '14 at 8:58





                                          There are things I completely disagree, such as that it's not an unusual request. But the suggestion that you can always 'forget' your passoword (or say you've got it in your wallet because your memory is not so good for password, and you've thrown the sheet away) is valuable.

                                          – user1023
                                          May 2 '14 at 8:58











                                          -3














                                          What rights does the ex-employer have? They have the rights to any company data on the computer, and the right to have that computer in a usable state. With hard drive encryption, the computer might not actually be usable. Throwing out the employee and turning him into an ex-employee without making sure they have these things is of course stupid.



                                          What rights does the ex-employee have? He has the right not to divulge his password, which he is using for his private banking as well (I know it is stupid to use the same password), he has the right that private data on the computer stay private and are not used against him. Remember he is an ex employee. He has the right not to do any work for the company without payment.



                                          A reasonable thing to happen would be for the ex-employee to come to the company at a reasonable time, with expenses paid, and change the computer password to "1234" or "Password" or whatever, so the company can exercise their rights. The next reasonable thing to happen would be for the company to accept that other or to make a different reasonable offer.



                                          The former boss has no right to know the password, but he has the right to get the computer made usable. But not for free; the notice period is there for exactly that kind of thing.






                                          share|improve this answer




















                                          • 3





                                            This doesn't seem to add anything beyond the answers that were already here. Am I missing something?

                                            – Monica Cellio
                                            May 1 '14 at 21:18






                                          • 1





                                            "With hard drive encryption, the computer might not actually be usable." eghm, do you actually understand how hard-drive encryption works?

                                            – user1023
                                            May 2 '14 at 8:55











                                          • @user1023: Yes. Most likely better than you.

                                            – gnasher729
                                            Jul 14 '16 at 23:26















                                          -3














                                          What rights does the ex-employer have? They have the rights to any company data on the computer, and the right to have that computer in a usable state. With hard drive encryption, the computer might not actually be usable. Throwing out the employee and turning him into an ex-employee without making sure they have these things is of course stupid.



                                          What rights does the ex-employee have? He has the right not to divulge his password, which he is using for his private banking as well (I know it is stupid to use the same password), he has the right that private data on the computer stay private and are not used against him. Remember he is an ex employee. He has the right not to do any work for the company without payment.



                                          A reasonable thing to happen would be for the ex-employee to come to the company at a reasonable time, with expenses paid, and change the computer password to "1234" or "Password" or whatever, so the company can exercise their rights. The next reasonable thing to happen would be for the company to accept that other or to make a different reasonable offer.



                                          The former boss has no right to know the password, but he has the right to get the computer made usable. But not for free; the notice period is there for exactly that kind of thing.






                                          share|improve this answer




















                                          • 3





                                            This doesn't seem to add anything beyond the answers that were already here. Am I missing something?

                                            – Monica Cellio
                                            May 1 '14 at 21:18






                                          • 1





                                            "With hard drive encryption, the computer might not actually be usable." eghm, do you actually understand how hard-drive encryption works?

                                            – user1023
                                            May 2 '14 at 8:55











                                          • @user1023: Yes. Most likely better than you.

                                            – gnasher729
                                            Jul 14 '16 at 23:26













                                          -3












                                          -3








                                          -3







                                          What rights does the ex-employer have? They have the rights to any company data on the computer, and the right to have that computer in a usable state. With hard drive encryption, the computer might not actually be usable. Throwing out the employee and turning him into an ex-employee without making sure they have these things is of course stupid.



                                          What rights does the ex-employee have? He has the right not to divulge his password, which he is using for his private banking as well (I know it is stupid to use the same password), he has the right that private data on the computer stay private and are not used against him. Remember he is an ex employee. He has the right not to do any work for the company without payment.



                                          A reasonable thing to happen would be for the ex-employee to come to the company at a reasonable time, with expenses paid, and change the computer password to "1234" or "Password" or whatever, so the company can exercise their rights. The next reasonable thing to happen would be for the company to accept that other or to make a different reasonable offer.



                                          The former boss has no right to know the password, but he has the right to get the computer made usable. But not for free; the notice period is there for exactly that kind of thing.






                                          share|improve this answer













                                          What rights does the ex-employer have? They have the rights to any company data on the computer, and the right to have that computer in a usable state. With hard drive encryption, the computer might not actually be usable. Throwing out the employee and turning him into an ex-employee without making sure they have these things is of course stupid.



                                          What rights does the ex-employee have? He has the right not to divulge his password, which he is using for his private banking as well (I know it is stupid to use the same password), he has the right that private data on the computer stay private and are not used against him. Remember he is an ex employee. He has the right not to do any work for the company without payment.



                                          A reasonable thing to happen would be for the ex-employee to come to the company at a reasonable time, with expenses paid, and change the computer password to "1234" or "Password" or whatever, so the company can exercise their rights. The next reasonable thing to happen would be for the company to accept that other or to make a different reasonable offer.



                                          The former boss has no right to know the password, but he has the right to get the computer made usable. But not for free; the notice period is there for exactly that kind of thing.







                                          share|improve this answer












                                          share|improve this answer



                                          share|improve this answer










                                          answered May 1 '14 at 11:44









                                          gnasher729gnasher729

                                          5973 silver badges3 bronze badges




                                          5973 silver badges3 bronze badges










                                          • 3





                                            This doesn't seem to add anything beyond the answers that were already here. Am I missing something?

                                            – Monica Cellio
                                            May 1 '14 at 21:18






                                          • 1





                                            "With hard drive encryption, the computer might not actually be usable." eghm, do you actually understand how hard-drive encryption works?

                                            – user1023
                                            May 2 '14 at 8:55











                                          • @user1023: Yes. Most likely better than you.

                                            – gnasher729
                                            Jul 14 '16 at 23:26












                                          • 3





                                            This doesn't seem to add anything beyond the answers that were already here. Am I missing something?

                                            – Monica Cellio
                                            May 1 '14 at 21:18






                                          • 1





                                            "With hard drive encryption, the computer might not actually be usable." eghm, do you actually understand how hard-drive encryption works?

                                            – user1023
                                            May 2 '14 at 8:55











                                          • @user1023: Yes. Most likely better than you.

                                            – gnasher729
                                            Jul 14 '16 at 23:26







                                          3




                                          3





                                          This doesn't seem to add anything beyond the answers that were already here. Am I missing something?

                                          – Monica Cellio
                                          May 1 '14 at 21:18





                                          This doesn't seem to add anything beyond the answers that were already here. Am I missing something?

                                          – Monica Cellio
                                          May 1 '14 at 21:18




                                          1




                                          1





                                          "With hard drive encryption, the computer might not actually be usable." eghm, do you actually understand how hard-drive encryption works?

                                          – user1023
                                          May 2 '14 at 8:55





                                          "With hard drive encryption, the computer might not actually be usable." eghm, do you actually understand how hard-drive encryption works?

                                          – user1023
                                          May 2 '14 at 8:55













                                          @user1023: Yes. Most likely better than you.

                                          – gnasher729
                                          Jul 14 '16 at 23:26





                                          @user1023: Yes. Most likely better than you.

                                          – gnasher729
                                          Jul 14 '16 at 23:26











                                          -3














                                          If the PC is company property and you have "locked" access by the company by using a password and not making it available, you could be in trouble. And if you opened the company by using a password that you also used for some potentially insecure remote site, you could be in even more trouble.



                                          The reference in the @jcmeloni answer to intellectual property could be an additional element. If it's a company PC, the company owns the password as well as everything else on the PC.



                                          While you might not be in a jurisdiction that explicitly covers this situation, case law does exist that could be relevant. Probably the most notorious was over Terry Childs ( see People v. Childs, 2013 WL 5779044 (Cal. App. Ct. Oct. 25, 2013). ) That was far more egregious than your circumstances, but there are related principles.



                                          You'll not only want to be sure you're legally covered, but you'll also want to be sure your future career is safe. Even a small court case can be long-term trouble for your future.



                                          With all of that said, as others have mentioned, the company has physical access to the PC and can recover the password without much trouble. You aren't keeping it "secret" by refusing to divulge it. At most, you're delaying access. But at worst, you might be making serious trouble for yourself with essentially zero risk to the company.






                                          share|improve this answer




















                                          • 3





                                            The Childs case was not about a pc password but about an administrator that refused to grant access to his superiors at a government facility to the network protected servers. I seriously doubt much of that decision would apply here. Also your link is broken.

                                            – IDrinkandIKnowThings
                                            May 3 '14 at 18:55











                                          • In a decently secure system, the company can't recover the password, because it's not stored in a reversible form. So you are indeed keeping the password secret by refusing to give it to them. They can, however, reset it at will -- literally, a couple of mouse clicks. So what do they need to know the current password for?

                                            – cHao
                                            May 3 '14 at 22:05












                                          • @cHao The existence of the question could mean it's not a "decently secured" environment. And resetting with "a couple mouse clicks" depends on whether accounts are machine or domain accounts, what passwords are on the machine (BIOS? HDD?), etc. Finally, recovery is possible even with one-way-hashes if the password isn't strong, and we have to wonder if the OP used good password practices. But all of that is tangential to the question of whether the OP should cooperate or not.

                                            – user2338816
                                            May 4 '14 at 7:53











                                          • Somewhat tangential, yes. But it was your very own point. :) Frankly, the post reads as "you're gonna make the Company mad, and there's no point in not telling them, so you might as well be a good boy and bend over". The legalities are actually pretty freaking clear if the OP never signed an employment agreement, as he claims...without that, he is not at all obligated to do anything but watch the company reap the rewards of their dickishness.

                                            – cHao
                                            May 4 '14 at 9:17












                                          • @cHao It's not necessary to sign anything, though that would make the company's position far stronger if the document covered the situation. It can only need to be covered in standard 'Employee Handbook' policy documents or other means supplied to employees. Actually, it only needs to be directed by a court regardless of any signed or unsigned documents. Whenever anything goes to a court, it comes down to the final court decision; and nothing else matters once that's delivered. (In terms of future employers, it might be worse if the OP wins.)

                                            – user2338816
                                            May 4 '14 at 10:38















                                          -3














                                          If the PC is company property and you have "locked" access by the company by using a password and not making it available, you could be in trouble. And if you opened the company by using a password that you also used for some potentially insecure remote site, you could be in even more trouble.



                                          The reference in the @jcmeloni answer to intellectual property could be an additional element. If it's a company PC, the company owns the password as well as everything else on the PC.



                                          While you might not be in a jurisdiction that explicitly covers this situation, case law does exist that could be relevant. Probably the most notorious was over Terry Childs ( see People v. Childs, 2013 WL 5779044 (Cal. App. Ct. Oct. 25, 2013). ) That was far more egregious than your circumstances, but there are related principles.



                                          You'll not only want to be sure you're legally covered, but you'll also want to be sure your future career is safe. Even a small court case can be long-term trouble for your future.



                                          With all of that said, as others have mentioned, the company has physical access to the PC and can recover the password without much trouble. You aren't keeping it "secret" by refusing to divulge it. At most, you're delaying access. But at worst, you might be making serious trouble for yourself with essentially zero risk to the company.






                                          share|improve this answer




















                                          • 3





                                            The Childs case was not about a pc password but about an administrator that refused to grant access to his superiors at a government facility to the network protected servers. I seriously doubt much of that decision would apply here. Also your link is broken.

                                            – IDrinkandIKnowThings
                                            May 3 '14 at 18:55











                                          • In a decently secure system, the company can't recover the password, because it's not stored in a reversible form. So you are indeed keeping the password secret by refusing to give it to them. They can, however, reset it at will -- literally, a couple of mouse clicks. So what do they need to know the current password for?

                                            – cHao
                                            May 3 '14 at 22:05












                                          • @cHao The existence of the question could mean it's not a "decently secured" environment. And resetting with "a couple mouse clicks" depends on whether accounts are machine or domain accounts, what passwords are on the machine (BIOS? HDD?), etc. Finally, recovery is possible even with one-way-hashes if the password isn't strong, and we have to wonder if the OP used good password practices. But all of that is tangential to the question of whether the OP should cooperate or not.

                                            – user2338816
                                            May 4 '14 at 7:53











                                          • Somewhat tangential, yes. But it was your very own point. :) Frankly, the post reads as "you're gonna make the Company mad, and there's no point in not telling them, so you might as well be a good boy and bend over". The legalities are actually pretty freaking clear if the OP never signed an employment agreement, as he claims...without that, he is not at all obligated to do anything but watch the company reap the rewards of their dickishness.

                                            – cHao
                                            May 4 '14 at 9:17












                                          • @cHao It's not necessary to sign anything, though that would make the company's position far stronger if the document covered the situation. It can only need to be covered in standard 'Employee Handbook' policy documents or other means supplied to employees. Actually, it only needs to be directed by a court regardless of any signed or unsigned documents. Whenever anything goes to a court, it comes down to the final court decision; and nothing else matters once that's delivered. (In terms of future employers, it might be worse if the OP wins.)

                                            – user2338816
                                            May 4 '14 at 10:38













                                          -3












                                          -3








                                          -3







                                          If the PC is company property and you have "locked" access by the company by using a password and not making it available, you could be in trouble. And if you opened the company by using a password that you also used for some potentially insecure remote site, you could be in even more trouble.



                                          The reference in the @jcmeloni answer to intellectual property could be an additional element. If it's a company PC, the company owns the password as well as everything else on the PC.



                                          While you might not be in a jurisdiction that explicitly covers this situation, case law does exist that could be relevant. Probably the most notorious was over Terry Childs ( see People v. Childs, 2013 WL 5779044 (Cal. App. Ct. Oct. 25, 2013). ) That was far more egregious than your circumstances, but there are related principles.



                                          You'll not only want to be sure you're legally covered, but you'll also want to be sure your future career is safe. Even a small court case can be long-term trouble for your future.



                                          With all of that said, as others have mentioned, the company has physical access to the PC and can recover the password without much trouble. You aren't keeping it "secret" by refusing to divulge it. At most, you're delaying access. But at worst, you might be making serious trouble for yourself with essentially zero risk to the company.






                                          share|improve this answer













                                          If the PC is company property and you have "locked" access by the company by using a password and not making it available, you could be in trouble. And if you opened the company by using a password that you also used for some potentially insecure remote site, you could be in even more trouble.



                                          The reference in the @jcmeloni answer to intellectual property could be an additional element. If it's a company PC, the company owns the password as well as everything else on the PC.



                                          While you might not be in a jurisdiction that explicitly covers this situation, case law does exist that could be relevant. Probably the most notorious was over Terry Childs ( see People v. Childs, 2013 WL 5779044 (Cal. App. Ct. Oct. 25, 2013). ) That was far more egregious than your circumstances, but there are related principles.



                                          You'll not only want to be sure you're legally covered, but you'll also want to be sure your future career is safe. Even a small court case can be long-term trouble for your future.



                                          With all of that said, as others have mentioned, the company has physical access to the PC and can recover the password without much trouble. You aren't keeping it "secret" by refusing to divulge it. At most, you're delaying access. But at worst, you might be making serious trouble for yourself with essentially zero risk to the company.







                                          share|improve this answer












                                          share|improve this answer



                                          share|improve this answer










                                          answered May 3 '14 at 15:19









                                          user2338816user2338816

                                          1074 bronze badges




                                          1074 bronze badges










                                          • 3





                                            The Childs case was not about a pc password but about an administrator that refused to grant access to his superiors at a government facility to the network protected servers. I seriously doubt much of that decision would apply here. Also your link is broken.

                                            – IDrinkandIKnowThings
                                            May 3 '14 at 18:55











                                          • In a decently secure system, the company can't recover the password, because it's not stored in a reversible form. So you are indeed keeping the password secret by refusing to give it to them. They can, however, reset it at will -- literally, a couple of mouse clicks. So what do they need to know the current password for?

                                            – cHao
                                            May 3 '14 at 22:05












                                          • @cHao The existence of the question could mean it's not a "decently secured" environment. And resetting with "a couple mouse clicks" depends on whether accounts are machine or domain accounts, what passwords are on the machine (BIOS? HDD?), etc. Finally, recovery is possible even with one-way-hashes if the password isn't strong, and we have to wonder if the OP used good password practices. But all of that is tangential to the question of whether the OP should cooperate or not.

                                            – user2338816
                                            May 4 '14 at 7:53











                                          • Somewhat tangential, yes. But it was your very own point. :) Frankly, the post reads as "you're gonna make the Company mad, and there's no point in not telling them, so you might as well be a good boy and bend over". The legalities are actually pretty freaking clear if the OP never signed an employment agreement, as he claims...without that, he is not at all obligated to do anything but watch the company reap the rewards of their dickishness.

                                            – cHao
                                            May 4 '14 at 9:17












                                          • @cHao It's not necessary to sign anything, though that would make the company's position far stronger if the document covered the situation. It can only need to be covered in standard 'Employee Handbook' policy documents or other means supplied to employees. Actually, it only needs to be directed by a court regardless of any signed or unsigned documents. Whenever anything goes to a court, it comes down to the final court decision; and nothing else matters once that's delivered. (In terms of future employers, it might be worse if the OP wins.)

                                            – user2338816
                                            May 4 '14 at 10:38












                                          • 3





                                            The Childs case was not about a pc password but about an administrator that refused to grant access to his superiors at a government facility to the network protected servers. I seriously doubt much of that decision would apply here. Also your link is broken.

                                            – IDrinkandIKnowThings
                                            May 3 '14 at 18:55











                                          • In a decently secure system, the company can't recover the password, because it's not stored in a reversible form. So you are indeed keeping the password secret by refusing to give it to them. They can, however, reset it at will -- literally, a couple of mouse clicks. So what do they need to know the current password for?

                                            – cHao
                                            May 3 '14 at 22:05












                                          • @cHao The existence of the question could mean it's not a "decently secured" environment. And resetting with "a couple mouse clicks" depends on whether accounts are machine or domain accounts, what passwords are on the machine (BIOS? HDD?), etc. Finally, recovery is possible even with one-way-hashes if the password isn't strong, and we have to wonder if the OP used good password practices. But all of that is tangential to the question of whether the OP should cooperate or not.

                                            – user2338816
                                            May 4 '14 at 7:53











                                          • Somewhat tangential, yes. But it was your very own point. :) Frankly, the post reads as "you're gonna make the Company mad, and there's no point in not telling them, so you might as well be a good boy and bend over". The legalities are actually pretty freaking clear if the OP never signed an employment agreement, as he claims...without that, he is not at all obligated to do anything but watch the company reap the rewards of their dickishness.

                                            – cHao
                                            May 4 '14 at 9:17












                                          • @cHao It's not necessary to sign anything, though that would make the company's position far stronger if the document covered the situation. It can only need to be covered in standard 'Employee Handbook' policy documents or other means supplied to employees. Actually, it only needs to be directed by a court regardless of any signed or unsigned documents. Whenever anything goes to a court, it comes down to the final court decision; and nothing else matters once that's delivered. (In terms of future employers, it might be worse if the OP wins.)

                                            – user2338816
                                            May 4 '14 at 10:38







                                          3




                                          3





                                          The Childs case was not about a pc password but about an administrator that refused to grant access to his superiors at a government facility to the network protected servers. I seriously doubt much of that decision would apply here. Also your link is broken.

                                          – IDrinkandIKnowThings
                                          May 3 '14 at 18:55





                                          The Childs case was not about a pc password but about an administrator that refused to grant access to his superiors at a government facility to the network protected servers. I seriously doubt much of that decision would apply here. Also your link is broken.

                                          – IDrinkandIKnowThings
                                          May 3 '14 at 18:55













                                          In a decently secure system, the company can't recover the password, because it's not stored in a reversible form. So you are indeed keeping the password secret by refusing to give it to them. They can, however, reset it at will -- literally, a couple of mouse clicks. So what do they need to know the current password for?

                                          – cHao
                                          May 3 '14 at 22:05






                                          In a decently secure system, the company can't recover the password, because it's not stored in a reversible form. So you are indeed keeping the password secret by refusing to give it to them. They can, however, reset it at will -- literally, a couple of mouse clicks. So what do they need to know the current password for?

                                          – cHao
                                          May 3 '14 at 22:05














                                          @cHao The existence of the question could mean it's not a "decently secured" environment. And resetting with "a couple mouse clicks" depends on whether accounts are machine or domain accounts, what passwords are on the machine (BIOS? HDD?), etc. Finally, recovery is possible even with one-way-hashes if the password isn't strong, and we have to wonder if the OP used good password practices. But all of that is tangential to the question of whether the OP should cooperate or not.

                                          – user2338816
                                          May 4 '14 at 7:53





                                          @cHao The existence of the question could mean it's not a "decently secured" environment. And resetting with "a couple mouse clicks" depends on whether accounts are machine or domain accounts, what passwords are on the machine (BIOS? HDD?), etc. Finally, recovery is possible even with one-way-hashes if the password isn't strong, and we have to wonder if the OP used good password practices. But all of that is tangential to the question of whether the OP should cooperate or not.

                                          – user2338816
                                          May 4 '14 at 7:53













                                          Somewhat tangential, yes. But it was your very own point. :) Frankly, the post reads as "you're gonna make the Company mad, and there's no point in not telling them, so you might as well be a good boy and bend over". The legalities are actually pretty freaking clear if the OP never signed an employment agreement, as he claims...without that, he is not at all obligated to do anything but watch the company reap the rewards of their dickishness.

                                          – cHao
                                          May 4 '14 at 9:17






                                          Somewhat tangential, yes. But it was your very own point. :) Frankly, the post reads as "you're gonna make the Company mad, and there's no point in not telling them, so you might as well be a good boy and bend over". The legalities are actually pretty freaking clear if the OP never signed an employment agreement, as he claims...without that, he is not at all obligated to do anything but watch the company reap the rewards of their dickishness.

                                          – cHao
                                          May 4 '14 at 9:17














                                          @cHao It's not necessary to sign anything, though that would make the company's position far stronger if the document covered the situation. It can only need to be covered in standard 'Employee Handbook' policy documents or other means supplied to employees. Actually, it only needs to be directed by a court regardless of any signed or unsigned documents. Whenever anything goes to a court, it comes down to the final court decision; and nothing else matters once that's delivered. (In terms of future employers, it might be worse if the OP wins.)

                                          – user2338816
                                          May 4 '14 at 10:38





                                          @cHao It's not necessary to sign anything, though that would make the company's position far stronger if the document covered the situation. It can only need to be covered in standard 'Employee Handbook' policy documents or other means supplied to employees. Actually, it only needs to be directed by a court regardless of any signed or unsigned documents. Whenever anything goes to a court, it comes down to the final court decision; and nothing else matters once that's delivered. (In terms of future employers, it might be worse if the OP wins.)

                                          – user2338816
                                          May 4 '14 at 10:38





                                          protected by Jane S Jul 14 '16 at 7:20



                                          Thank you for your interest in this question.
                                          Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



                                          Would you like to answer one of these unanswered questions instead?



                                          Popular posts from this blog

                                          Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

                                          Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

                                          199年 目錄 大件事 到箇年出世嗰人 到箇年死嗰人 節慶、風俗習慣 導覽選單