Our IT service team recently dealt with an interesting project for a computer support client in Oakville.
When someone talks about password hacking we all immediately think of some heinous villain trying to capture passwords and logins to use them for illegal purposes. There are times however when use of specialized tools to hack a password can be for very legitimate and important activity.
Locked file from former employee
The case in point was for a client that had an employee leave their company and the employee had a number of documents that were secured using a password. The password was not known to anyone in management or any other employee on site. The situation was not conducive to getting the password from the former employee but the information contained in the files was important to the business.
Our team was called in to see if they could help. Using some specialized software that is even used by the FBI at times they were able to group a number of computers together an after some time the required password was identified and the client files were able to be recovered.
As can be imagined the client was very happy and they were relieved that they had access to their data.
Use of this type of software requires knowledge and should only be undertaken with solid affirmation that the persons seeking the information are authorized to do so. In our case the files were on a client company's computer, in their location and the authorization was from a senior manager in the firm. Anything less than that and we would have refused to attempt the crack.
TechRepublic recently published for the technical industry a blog entitled Five trustworthy password recovery tools which talks about specific programs which can do this work. I don't wish to republish the document in this forum as the information is pretty technical in nature and most of the readers of this blog will not be doing this work themselves. If someone needed the information I will invite them to use my contact information directly and we can discuss pointing them in the right direction.
Legitimate use of these highly ethically charged resources is something which has to be considered seriously and should not be just bandied around for all to try. On the other hand for serious IT service providers these are tools that are needed to assist clients with otherwise impossible challenges.
How do you manage passwords so employee turn over does not create problems of access? Do you have a secured password retrieval policy in place? Should you?