• aeronmelon@lemmy.world
    link
    fedilink
    English
    arrow-up
    92
    arrow-down
    1
    ·
    edit-2
    5 months ago

    That might be slightly illegal.

    That person might be slightly doomed.

    Companies need to remember to change the login password BEFORE firing people with login passwords.

    • Zorsith@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      2
      ·
      5 months ago

      One man IT shop maybe? Usually stuff like that goes through IT, because who in their right mind would give HR modify access to active directory?

      • thejml@lemm.ee
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        3
        ·
        5 months ago

        Generally a firing is decided the previous day or at least an hour before it happens. Discussions are made prior to the actual meeting where the firing occurs. IT is on standby. They either deactivate the AD account and related auth methods when the employee walks in the office to have the discussion. This is a well oiled machine, so that all parties know their parts. The meeting/discussion is solely a formality and by two minutes into it, theres no longer any access granted. Security shows up at the meeting to escort the employee out and collect their badge or keys. Maybe they let the employee walk by their desk to collect their stuff, maybe the employer ships it to them later, depends on the circumstances and office layout.

        • KISSmyOSFeddit@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          ·
          5 months ago

          At my last job I was informed that I’d be terminated, then had to work normally for another month (the termination period), where I still had full domain admin access to all our own and our customers’ systems.
          On my last day I myself had to write down a list of all the logins I had and give that to my boss, because no one else knew what accesses I even had.
          During the last hour I wiped my own company PC and gave back all hardware I was given. Again, there wasn’t any record of what I was given over the years so they took my word for it. This included unencrypted USB drives with sensitive medical data on them.

          • dubyakay@lemmy.ca
            link
            fedilink
            English
            arrow-up
            3
            ·
            5 months ago

            As someone who worked for German, as well as North American companies, your experience is not the norm in NA. Wish it was.

        • Bilb!@lem.monster
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          1
          ·
          5 months ago

          I was let go somewhat recently and I noticed just yesterday that I still have admin access to their facebook app.

    • Pacmanlives@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      5 months ago

      I mean kind of depends. I got a soft layoff so worked 6 months more and got 3 months pay for the transfer to India.

      I think best practices for highly secure environments is at the time of notice you lock the account and give that person 2 weeks off.

      Most normal company’s it’s cool work till your last day, do your exit interview and we lock your account on Friday afternoon or Monday

      Also you never want to change someone’s password on termination. What if their login is running some business critical tasks? Not best practices but I can tell you it happens a lot especially for reporting. If you lock the account you can always just reenable it and work to fix the issue

    • Potatos_are_not_friends@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      5 months ago

      Last year, I tried my admin creds at my old job and it still worked. I was afraid of retaliation so I sent them a message from a throwaway email about changing their passwords.

      • KISSmyOSFeddit@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 months ago

        Legally, it would have been better to send the mail from your personal account.
        Otherwise there’s a possibility that something happens to get fucked up right around the time you logged in, they pull the logs and find your access.
        Bam, motive and opportunity, and no way to provide an alibi.