Legality of decrypting passwords

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I am having an argument with a coworker, who thinks it is fine to
decrypt users passwords to migrate files, as it is faster and more
convenient than having the users resetting their passwords.

I am sure this is almost never necessary, is a horrible invasion of
privacy, and quite possibly illegal.

Can anyone shed light on if this is legal or not, and if signing away
your data to the company would extend to them having the right to
decrypt your passwords?

Any legal cases would be extra useful


Re: Legality of decrypting passwords writes:
Quoted text here. Click to load it

Illegal? How so?

The servers would belong to your company. All data on them including
user account info/username/passwords/etc would belong to your
company. If you are authorized by your company to do what admin work
you need to do, ultimately you are working for your company as per
their policies. (ie. this extends to email, any and all files on the
company equipment, etc. If you don't want your company to know
anything personal, don't put anything personal on their systems).

If anything, this is a policy issue decided by the CIO or whatever
passes as such at your company.  If they have authorized you to do
your work and this is necessary to do your work, then thats their
policy allowing it.

Not sure why an admin would even need a user password to do file
migrations in the first place, just do it and update whatever pointer
to where they are.

Site Timeline