fast answer Friday: 7 short answers to 7 short questions

It’s fast answer Friday! We’ve got coworkers who won’t train someone, how to answer your boss’s phone, and more. Here we go…

1. Who should have employee passwords?

Who should confidentially hold the usernames and passwords for employees’ server, e-mail and SharePoint access? Some say HR and some say IT. Put another way, are user names and passwords an IT issue or an HR issue? I believe in normalized data structure so primary data can reside in only one place. BOTH is not a satisfactory answer for me.

IT. HR doesn’t need them, and IT might. If your HR department is asking for them, it’s a sign they’re overreaching, probably on other stuff too.

2. When negotiating salary, how much more can you ask for?

There’s a job that I really want, and I feel I have a good chance of getting an offer. However, the salary stated in the posting is significantly lower than my current salary. This job has many other benefits, such as a better commute, better work environment, and a better schedule, but I’m living paycheck to paycheck as it is and can’t work for any less, and would ideally like to make 5 to 10 percent more. So I want to know–when negotiating salary after a job offer, is there a percentage that is a good starting point? Say 15 or 20 percent of the base salary listed? I don’t want to come off as arrogant or ignorant, but I also don’t want to undervalue myself (which is hard because right now, my field is oversaturated so there are plenty of people willing to work at well below market value).

There’s no hard and fast rule because things vary by industry and type of position, but if a salary was listed up-front in a job posting, then 15-20% more is a lot to ask for (because it raises the question of why you applied in the first place if you’re so far apart on salary, or at least why you didn’t raise the issue earlier in the process). 10% is closer to where you’re probably going to be able to end up, but again, there’s a lot of variation. Some companies (especially smaller ones) are waiting to find out what they’ll need to pay (based on what the people they want are willing to work for) and others have a very set range in mind and won’t consider going outside of it.

Ultimately, though, what you need to know is what the market rate is for this type of work in this particular field in this particular geographic area — and if your field is oversaturated with people willing to work for less, by definition that will lower the market rate.

3. Coworkers won’t give me the training I need

I’ve been at a company for 20+ years. Six months ago, I accepted a new position in a different department. My problem is there are two people in the group who are supposed to be training me but neither one seems to want to give up the information they have – they make excuses for not having the time to sit with me. I discussed this with the manager of the team but instead of speaking to these people individually, she made a general statement about the need for training to the whole team in a staff meeting. It didn’t change anything. What more can I do to get these coworkers to train me?

You need to go back to your manager and let her know that the problem has continued. You might suggest that it would be helpful for her to talk to them individually, since they seemed to have missed the message last time. And you can also try talking to the coworkers directly yourself and asking them point-blank to give you the help you need (be nice, not demanding, but be direct). But ultimately if you’re not getting what you need, your manager needs to know about it.

4. How can I help my new boss succeed?

Yesterday, my boss (the executive director of a professional organization) had his contract terminated by the Board. A colleague of mine was promoted as interim executive director, and the Board is hoping that he’ll take on the job full-time. He knows the organization, he’s really on the ball, and we have a good working relationship. I’m really hoping that he succeeds in the role. Is there anything I can do to help him settle in? (Other than doing my job well and making sure I’m available for him if he needs it, obviously.) We’re a very small office — right now it’s just the two of us, so it’s not like he can get help from other managers or shift some of his old responsibilities on anyone but me, and I’m not really qualified for a lot of them. (He’s an event planner, I’m an admin assistant.)

Ask him! Tell him that you’re thrilled to see him in the role and that you want to do anything you can to help. Ask him what would be helpful for you do to. And then ask again in a few weeks.

5. Help! My boss is leaving

I found out that my boss gave her notice and will be leaving soon. This is a devastating loss for the department and I am truly worried about how we are going to keep up with the workload without having someone there in her position. I’m worried that everyone’s work is going to suffer greatly and that I will be working 14-hour mad dash days until a new plan is created. My team is already overloaded with work and it’s very overwhelming thinking about how to keep up now that our manager will no longer be there.

Talk to your boss while she’s still there and tell her what you’re worrying about. Ask her advice, and ask what the plan is for keeping things running until a new manager is hired. Specific things you want to know: What’s the likely timeline for bringing in someone new? Who will you be reporting to until then? How will decisions that she normally made be getting made? Who will be covering X, Y, and Z? Are there things you can do to help out in the meantime? (If you’re interested, this can be a good time to rack up new accomplishments that can help you in the future.)

And once she’s gone, you should feel free to talk to your interim boss (which might be your current manager’s boss, or it might be someone else) and raise problems as they arise. But don’t be too anxious — this stuff happens all the time; it’s just part of business.

6. Online application systems that automatically screen you out

What do you think of job application systems that ask you a series of questions and automatically screen you out if you don’t meet the minimum qualifications? I recently submitted an application for a position requesting 6 years of experience and I only have 4. After answering a question on the online application about how many years of experience I have, I was immediately informed that I didn’t meet the minimum qualifications and I was rejected. I understand that hiring managers receive high volumes of applications and some way to screen them is necessary. However, it seems short-sighted to use such stringent measures to screen out candidates when there could be other equally valuable qualities they bring to the table (for example: less years of experience, but the experience is of a high quality). Shouldn’t a human being at least glance at the resume before it’s summarily dismissed? I’d love to know your opinion on this.

Yep, for the majority of positions, it’s short-sighted. Hiring shouldn’t be an automated process; a good hiring manager who really gets the value of having the best team possible looks at the totality of a candidate, which is something these automated systems don’t do.

7. How should I answer my boss’s phone?

I have a (hopefully) easy question. I’m an Executive Assistant and have taken on the added responsibility of answering my Executive’s desk phone (he used to answer all of his calls). This was a suggestion I made to save him time, and he loves it! But he doesn’t care how I answer the phone, so what do I say when I answer his line? My standard greeting is “Thank you for calling XYZ Company, this is Jane, how can I help you?” If I add “You have reached John Smith’s office” my greeting sounds too long. What is proper etiquette? When I don’t mention John Smith, the caller thinks they have dialed the wrong extension, then I have to explain that I am John’s assistant.

Oh yeah, that’s too long! You don’t need to give the company name (unless your company specifically wants you to, but I’d bet money that your boss wasn’t answering his own phone that way). Personally, I’d just say: “Robert Smith’s office.” If that feels too brusque to you, you can add in a “how can I help you?” but you don’t need to — it tends to be implied.

{ 82 comments… read them below }

  1. Mike*

    The answer to question one is neither. Neither HR nor IT should have user passwords. IT should have the permissions to be able access accounts and resources, but they should do it from their accounts. HR should also have ways to montior usage and content, but once again they should do it from their accounts. There are ways for the users to recieve IT issued passwords and then force them to change it on next log in.
    Having everyone at the right permission level and accessing from their own accounts keep accountability when something happens. If someone besides the employee knows their personal password, there could be doubt if they actually did something.

    1. Anonymous*

      Indeed – if the ‘raw’ passwords are ever stored, something is badly wrong. That’s what hashes are for. One small comment: the superuser (which is to say, IT) can always change the logs to blame any user they choose.

      1. Jamie*

        For the record I hope everyone knows this is apocryphal.

        I’m not saying there aren’t some unethical ITs out there – every field has their black sheep. But the whole logging in as user and changing logs fails the logic test:

        1. In order for IT to hate you this much you are probably a bad user.

        2. If you are a bad user IT won’t have to set you up – you have already left your muddy little electronic footprints all over the network your own self.

        3. It’s much easier to bust you for your own errors than create them and change all associated logs, audit trails, and sweep away our own stealthy electronic footprints.

        4. IT as a field has a lot of mutual respect within the profession. Even if we wanted to fool non-tech types we know that one of our own could uncover our subterfuge. No matter how clever we think we are (and we tend to be fairly impressed without ourselves) we know there is always someone out there just a little bit better. It’s what keeps us in the game.

        4. IT is usually too busy and efficient to go out of their way to create problems that given enough time bad users will create for themselves. More work + no payoff = IT can’t be bothered.

        I know that Anonymous 12:34 wasn’t implying that IT people tend to do this – but the myth is out there and I wanted to take the opportunity to dispel it.

        Although if IT hates you, you should address that. I can be won over with insincere flattery and bringing me an Almond Joy from the candy dish in the front office.

        1. Jamie*

          “(and we tend to be fairly impressed without ourselves)”

          Should be ‘with ourselves.’

          One of these days I’m going to learn to type.

        2. Anonymous*

          3. It’s much easier to bust you for your own errors than create them and change all associated logs, audit trails, and sweep away our own stealthy electronic footprints

          Certainly, but that doesn’t change the fact that IT can go the log forgery route, if they so prefer – indeed, that they can is axiomatic to the whole field of computer security. And if done properly, it will be completely undetectable. Even if they have the logs copied to a line printer in a place to which IT have no access… cables can fall out, and if it’s established beforehand that this can happen randomly….

          4. IT as a field has a lot of mutual respect within the profession. Even if we wanted to fool non-tech types we know that one of our own could uncover our subterfuge

          Then the question becomes a) does your boss know any such person b) would they think to ask them (and pay them) to perform the audit? Besides, unless you were really incompetent in your edits, I would expect that the only evidence left would be circumstantial – the log entries weren’t quite consistent (or something similar).

      2. Evan the College Student*

        I agree: IT should never store raw user passwords, but only hashes. It isn’t so IT can’t fake logs; it’s so, just in case someone hacks into IT’s servers, they can’t grab your password. I don’t see any reason they need to have raw passwords, and there’s at least one good reason not to.

    2. Anonymous*

      Why do you think IT asks for your password occasionally if they’re working on your computer and need to login as you? It’s because there’s no legit way for us to see your password.

      It seems to be more common lately for you to have to manage multiple usernames and passwords for various resources and maybe that’s what OP is getting at when she mentions HR. We have a separate login for our HR Oracle system which is really stupid. Those systems can almost always be configured to use your existing network account and password. HR handles the password resets but they can’t see your password either unless you tell it to them. When I evaluate any software it’s automatically excluded if it requires my users to have an additional account to manage.

      1. Jamie*

        Exactly. IT doesn’t store your passwords – if we ask for it to log in as you it’s a convenience for you so we can remote in and see the problem you’re having without you having to close everything down so we can go in as admin.

        1. Anonymous*

          Exactly. IT doesn’t store your passwords – if we ask for it to log in as you it’s a convenience for you so we can remote in and see the problem you’re having without you having to close everything down so we can go in as admin.

          boggles
          That doesn’t make any sense – you remote in as yourself, and then issue sudo su – username. It will prompt for the password on your own account, and then simulate a full login as the user. No need for the user’s password – that’s the point of being superuser.

          1. Jamie*

            I run a Windows network – not Linux. Not sure why that boggles.

            To your point I could use the runas command but there are can still be permissions issues.

            1. Anonymous*

              It would boggle me that ‘runas’ wouldn’t work correctly (as a random guess, I expect you mean it’s the difference between ‘su – username’ and ‘su username’).

              1. Tech Chic(k)*

                Windows desktops are not nearly as clean to manage as Linux. For example, printer mappings are all handled at a user account level. If someone can’t connect to a printer, I won’t see the problem at all if I log in from my account. This is just one of dozens of examples. Unless there’s a physical problem with the machine it’s almost impossible to troubleshoot problems without going through the user’s account. Ideally this wouldn’t be necessary, but it is.

                This means I either need the user to be present while I’m working on their computer (so they can log back in when I have to reboot the machine) or I have to reset their password, or they have to give me their current one. Guess which option is the easiest for the user.

                When a former boss of mine got people’s passwords, he recorded them for future reference. Then the spreadsheet was stored in an unencrypted format on the file server, with only folder permissions between it and the rest of the office. I didn’t work there long! I hate to think what would happen if that had been general knowledge or if anyone had ever tried to compromise the system. Any shady business could have been laid at his feet – “he has my password, so you can’t prove it was me doing that stuff and not him.” Not a good situation to put yourself in!

    3. Meghan*

      Mike is exactly correct. Neither should have your password. IT should have the access to be able to reset your password and there should be a clear process in place for HR to inform IT of employee terminations.

    4. Cassie*

      I agree completely. I don’t know much about IT but it seems to me that they should never need your password. They must have some way to gather data (as part of their job) if they need to. Asking you for your password is not one of them.

      For our central systems at work, if you forget your password, they will reset it for you. I doubt they could tell you what it is (because they don’t store it).

      As for IT working on your computer – they have always asked us to log in and then they will work on installing or debugging or whatever. And they look away when you type it in. They sometimes also set up a separate admin account on the computer so that they can install applications after hours.

  2. Brightwanderer*

    Re: 7 – I’m always surprised by how few people seem to realise that it’s common for a call to be picked up by someone else within an office and it doesn’t mean they’ve dialled the wrong number. I’ve had to modify my greeting slightly due to the number of people who’ll assume they’ve misdialled when actually my coworker is currently on the phone so it’s come through to my line instead.

  3. re: phone answering*

    I’ve had to answer other peoples’ phones at various points in my career, & my approach has always been, “[person’s name]’s office, this is [my name]”–AAM’s suggestion works fine if you’re of a different gender than the person whose phone you’re answering, but adding your name helps avoid confusion otherwise. (I’d actually argue that it’s useful either way, since it gives the caller some info upfront, but it’s not as necessary in mixed-gender situations.)

  4. Hairy HR Guy*

    Re: 6 — I’ll throw out an alternative answer; 6 years is 6 years. they may have hired someone in the past with only 4 years, and it did not get the results intended. And the compliance part of HR may also be inisting on a rigid ruling — they may have had federal contractor compliance issues in the past, and need to be very exact about minimum qualifications.

    1. Anon*

      THIS. The min quals are the min quals, whether an applicant screening system is used or not. We cannot put through one person who has the 6 yrs of experience, and then put through someone else with 4. If there’s leeway there, then edit the min quals to read “must have 6 yrs of experience or (insert degree here) and 3 years of experience.” Something like that.

      1. Ask a Manager* Post author

        Why? Not all experience is equal, and sometimes you find an amazing candidate who makes up for having slightly less experience than others by having achieved awesome things.

        1. Anon*

          Because we’re required to consider only those employees who meet min quals. And if we put through one application from someone with only 4 years, we’d have a difficult time justifying why we screened out the other applicants who also had less than 6 yrs of experience. There would also be potential candidates who didn’t apply to the job because they didn’t meet the 6 year requirement. Not fair to them, either. We’re up-front about our position requirements, and we’re consistent in terms of putting through/screening out applicants.

            1. Anonymous*

              I was having a similar conversation with my sister last week about online dating. She has a requirement in her profile that her matches must have a 4-year degree. I was giving her a hard time because all those lists rules out potential mates that might be a great match. Hell, she’s always saying she wants to find a guy like me and I only have a 2-year degree! She bluntly said she didn’t care. She needs a way to quickly get the pool of candidates down to a manageable number. She only has time to look at the guys who most likely will be a close match.

            2. A Bug!*

              I’m wondering if it’s something to do with a union. I know that where I live, there are often jobs for which the “minimum requirements” for a given job must be strictly adhered-to or the union can make a stink. I’d imagine it’s to ensure “fairness” and prevent favouritism but I know it sometimes results in a less-qualified hire.

        2. Vicki*

          I took a job where my “one year” of experience easily exceed that of co-workers with 3-5 years. They had been _using_ the system for 3-5 years whereas I had been experimenting and really learning the ins and outs of the system in my 1 year. My job quickly came to include system support for the department. “Years” is not a sufficient measurement.

    2. Joey*

      I disagree with Alison. I think companies who have number of years experience requirements then don’t follow them are the ones being shortsighted. If you have hard requirements that you don’t follow then they’re really not requirements. Companies that do this should change the requirements to be more subjective.

      1. Ask a Manager* Post author

        I’ll agree with that last sentence — they should get rid of strict requirements about number of years of experience. I’ve never used them myself. I’d rather require a proven track record in X, instead of a random number of years of experience during which a candidate might have achieved medicocrity and nothing else.

        1. Joey*

          I hate hard requirements myself. I see people who I describe as having one year of experience 20 times.

        2. Jamie*

          Yes – it’s important to be specific with the verbiage.

          When writing job requirements for an ISO certified company for example, it’s critical to distinguish what is non-negotiable and what is an option. It’s all about “preferred” or “shall.”

          There is no way you will side-step a non-conformance on an audit if your documentation says “X position must have six years experience” and you hire someone with four. If you say “six years experience for X position is preferred” then you’re covered…because it’s not binding.

          If you could possibly conceive of a great candidate having less than the minimum requirements then the screening software should take that into account.

        3. Anon*

          I’m sure the years of experience required isn’t some random number pulled out of a desk drawer. We meet with Comp, we work on a job description, we include a certain amount of experience required. If instead we should be personally viewing the apps of all 44,000 people who apply to our jobs each year, well then….I’ll bring it up at our next staff meeting and see how well that idea goes over.

          1. Ask a Manager* Post author

            As Joey has pointed out, 20 years of experience can be one year of experience 20 times over. It’s not what you’re really going after. You’re going after a proven track record of success in ___. Some people get that in 5 years, some in 10, and some never get it, even after 20 years or more.

            1. Anon*

              Right. And to ascertain that “proven track record” I would have to manually screen each application.

              1. Ask a Manager* Post author

                It sounds like you’re a recruiter. I’m coming at this from the hiring manager side, and yes, I want to look at every application, because the importance of having the best team possible can’t be understated.

              2. Joey*

                As a recruiter it’s really hard to ascertain what “a proven track record” means to each and every manager you work with. That’s why you have hard requirements. And most companies that get lots of resumes or applications have the luxury of sticking to those hard requirements because they can still find very good candidates that meet them. And Alison is not most managers. Most managers I know don’t want the sometimes 400-500 apps and resumes. They want a lot of the work done for them so they can spend their time on the candidates who look the best at first glance. This is off topic but most managers don’t really know how spot a star candidate that doesn’t have much experience on their resume. Most people’s natural inclination is to assume that the more years of experience the better the candidate. And, defending that hiring is easier than having the balls to put your money on someone with less experience.

          2. fposte*

            Years of qualification may not be random, but they are pretty arbitrary. It’s not like all the five-years are one year worse, or worse at all, than every six-year, and it’s not like most companies have done industry-wide feasibility studies demonstrating the statistical likelihood of difference between the two durations. Somebody said “Five,” somebody else said “Five isn’t enough,” somebody else said “Ten then,” another person said “Do we have the salary budget to start with that level of experience?,” and the finisher said “Okay, how about we use six and that may get us some talented cheaper pre-tens?” and they went onto the next posting.

            I don’t think that makes them evil (it’s also possible that some organizations, at least, have set the limit very generously, advertising a minimum of six years when they really want a ten-year level of skill), but they are driven more by convenience than logic.

            1. Anon*

              We can argue about this forever, but when I was a job seeker, I spent less time lamenting about how unfair these processes were, and more time going out there and applying to postings for which I DID meet the min quals. I’m not going to change how these companies screen applicants. Have an awesome resume, write a kick-ass cover letter, and keep putting yourself out there.

              1. fposte*

                I’m speaking from the hiring side, actually, and I object less to the arbitrary cutoffs than to the implication that they’re made out of pure reason. It wouldn’t be so bad if everybody actually used “six years” to mean “want the equivalent of nine,” but there are definitely places that mean “the equivalent of six,” and that’s tough when that’s what you’ve actually got but it doesn’t fit in the form.

              2. Ask a Manager* Post author

                fposte, I can agree with that. If a company wants to say “we’re doing this for convenience and recognize that we may be losing some great candidates in the process, even some who could be better than whoever we ultimately hire,” that’s one thing. I’d still disagree with it, but it’s a more honest way to look at it.

      2. Anonymous*

        I am the person who wrote in for #6. I completely agree that for the process to be as fair and objective as possible, consistency is needed when screening applicants. So you can’t throw out the requirements when they suit you, and then decide for another candidate that they must apply. BUT, I would argue against stringent “years of experience” requirements in the first place. I can understand why certain qualifications are non-negotiable, but requiring an exact number of years (rather than a broader range or requiring a certain skill set/track record) seems silly to me.

        1. Lesley*

          I come across this all the time, not just with years of experience, but with other specific requirements that should be a little more flexible because it’s not actually vital for someone to be able to do the job. Very specific degree or software experience requirements come to mind. I know there are some areas where people do need very specific academic credentials or software knowledge, but I’m in the Communications/Editorial/Marketing area and it’s really not necessary for these types of positions. Why do you care what degree someone has when you’re also requiring them to have 10 years of experience?

  5. Anonymous*

    For #6, whenever I come across a job that requires me to invest an hour filling out online forms to even be considered, I skip it. There are tons of IT jobs out there now so those companies can go fly a kite.

    I had a buddy of meet 19 of 20 listed reqs (15 major and 5 minor) and his app was rejected because he didn’t meet ONE of the minor reqs. What are the chances you will get ANY candidates that meet all 20? You could probably count on one hand the candidates that even met all 15 of the major reqs?

    1. Joey*

      Um that’s the point of hard requirements. To screen out the people that don’t have the must haves. It makes the manual reviewing of resumes more efficient. The problem is that some candidates can slip through. Some skills can easily be taught and candidates might have experience in something so similar their skills are transferable.

  6. Elizabeth*

    For 2: Take into account what type of place it is you are applying. Are you talking directly to your new manager or an HR department? HR people are probably prepared to talk to you about the salary range and expect negotiation, while a manager may be less comfortable doing this (especially if they haven’t had to do it much) or it is more risky that they are turned off by someone asking a lot more since they make the final decision on who to hire. Larger and more bureaucratic organizations may not have that much room to move in salary because they are trying to keep your salary in line with what others make. On the other hand, they may be offering a higher salary for a job than a small business or non-profit can. You could do a general search online for what this type of position typically makes in your region/field. I wouldn’t ask for more than 10% above what they posted unless the starting point is really low (in my mind, $30000 or so is low) and so 10% is not that much more to ask.

  7. KayDay*

    re: #6. I once applied to a job where the application asked about 6 or so “requirements” of which I had 5 (I felt I was a good fit for everything else). Obviously, I had to choose no, and was pretty sure that I was screened out. But, a couple of months later they called and asked for a phone interview anyway–the number 6 requirement never came up at all, so I guess they gave up on it.

  8. Anonymous*

    #4
    I’ll bet you are more qualified to help your new boss push off some of his old responsibilities onto you than you realize. Event planning has a lot of things you might not be up for, but many of the details you might be able to help with. What about offering to help out and pick up what you can (if you are up for it) because chances are good you’ll already know more than you give yourself credit for and then if the duties are too much see if you could get some help on some of your tasks. Having someone else come in for a day a week to help out on a temp basis might be really helpful. And this could be a way for you to grow as well as your new boss. AAM is right. Tell him!

    1. Julie -- OP #4*

      Thanks! He’s still getting into the grove of things, having been thrust into this new position with no warning and no formal changeover, so he has no idea of the status of certain projects. (Sadly, it looks like my old boss did a lot of stuff on his personal laptop, where we can’t access it.)

      He knows I’m totally on his side. Once he gets another few days in, I’ll bring up the idea of taking on some of his event planning duties so that he can focus more on the tasks required for an executive director.

      1. Natalie*

        One thing you could help with right now would be putting together as much information as you can about everything that’s currently in progress. You could even make note of what items may be missing due to the old boss’s use of his personal laptop.

  9. Student*

    For #1, I have a slightly different view from a significant other who has many years of IT experience. Neither HR or IT should have individual employee’s passwords in a modern workplace. Both should probably have user names, especially if user names are used as part of an email address. Legacy systems (really old computers) or badly designed IT infrastructure might be an exception, but since you mention SharePoint I’m guessing that this isn’t some old mainframe from the 70s.

    In a modern system, the IT people should be able to reset your password without needing to log into your specific account, and resetting a password is much better than looking it up and giving it to the user for several reasons (security, especially). Passwords are usually stored in a “hash” (gibberish that the computer can turn back into a word) instead of as a normal word, so that IT people aren’t tempted to go impersonate some poor sucker at work. If that’s the case, then IT probably can’t even give passwords to HR – you’d have to shake them out of employees.

    IT people should also be able to access your SharePoint stuff, your email, and so on without directly accessing your account – they should (must, to do their job) have root access. “Root access” means that they have an account, called root, that is bigger and cooler than your normal user account. This account can often access the information in anyone else’s account, and it can do all the stuff associated with maintaining the computer and software. For example, it can update the email server when a new version gets released. Usually, a business will have a policy that says the IT people with root access don’t check email and similar documents unless someone in management says so – this way a business can recover important documents if someone dies or leaves suddenly, but IT doesn’t snoop through everyone’s email. Additionally, the IT people won’t all have root access, just the more senior group members.

    1. Anonymous*

      To troubleshoot a problem we must often login AS the user. It’s not about access, it’s about exactly seeing what they’re seeing.

      1. Natalie*

        The IT people at my company can remote in and see my desktop and exactly what I’m doing without using my account.

        1. Tech Chic(k)*

          If they’re seeing exactly what you’re doing, that’s because there’s software installed on your computer that is copying the signals your computer sends to your monitor right back to them, the same as if there were a video camera pointed at your screen. You have to be logged in to your account for them to see what’s going on, otherwise all they see is the login screen.

      2. Jamie*

        This. And some things can look just find when logged in as admin, but not run properly on a regular user account with more restricted permissions.

        Or logging in so you can watch them replicate the problem. Without this you could take a 3 minute trouble call and turn it into hours of emails of someone desperately trying to explain a problem they don’t understand.

        IT should have the authority to request anyone’s password – but much to some user’s chagrin we don’t keep a file. That would be in violation of every security protocol burned into our souls – but we’ve all come up against the one user who is annoyed you can only reset and can’t tell them what their old password was.

        IT: “That’s okay – tell me what you want it to be and I’ll reset it.”
        User: “Why can’t you just tell me my old password?”
        IT: “Because I don’t know what it is – just pick a new one and I’ll reset it.”
        User: “Fine (selects password). I’ll never be able to remember a new password.”
        IT: (inaudible) “Yep, you really did a good job memorizing the old one.”

        Not a skit – a scene from my life. From more than one user, at more than one company. Almost verbatim.

        1. Anonymous*

          And some things can look just find when logged in as admin, but not run properly on a regular user account with more restricted permissions

          Since when does the superuser require a password to switch to another account? If you’re authenticated appropriately, you can Just Do It.

          1. Jamie*

            I don’t know if you’re the same anonymous who wrote the above post above – but if you’re using superuser regarding the sudo command – that’s Linux – afaik.

            Because I’m always open to learning something, I googled it after my last response, and it appears that the term superuser is typical in Linux based OS and not Windows. We tend use admin – I can honestly say I’ve never heard a windows admin use the word superuser so I was confused.

            I’m not saying there might not be a better way to do it – I’m sure there probably is. Asking for a password and logging in – it’s fast and it’s a manageable shortcut when you have a small-midsized user base.

            I could be wrong, but this reads to me like you’re referring to a different OS than I (and most businesses) use.

            1. fposte*

              I think superuser was also old-timey talk for admin privileges on DOS, but I have no idea if that’s how it’s being used here.

          2. Tech Chic(k)*

            You must be a Linux admin. Windows desktop support doesn’t work like that, sadly. Jamie’s description is accurate.

    2. EngineerGirl*

      Yup. This keeps accountability in place. IT can access the accounts, but they are going in as themselves, not the user. That’s the way it should be.

      Our HR people tried to get into some people’s mail accounts and have certain e-mails deleted. This is really scary. They were basically trying to get rid of some evidence. It was scary, but our security people wouldn’t do it.

      I’m just waiting for our company to get sued because of HR.

    3. gary*

      Hashes can’t “be turned back into a word”, at least not without a rainbow table. That’s the point of storing a hash.

      Properly designed authentication software compares a hash of what you entered as a password, salted, against the hash of your password that is stored in the database. If the hashes match, then you know the correct password was entered without ever knowing the password.

      Never reveal your password. IT has never has a legitimate need for it. If an IT admin wants your password, say no, ask why, then offer to log in for him or her.

      1. anon-2*

        Gary / Engineer Girl,

        Our company was taken over by a larger one. One day, a woman claiming to be from IS/IT from headquarters was walking around the building, asking employees for their IDs and passwords.

        The IDs, no secrets there , they used our last name (or last name and initial if there was a common surname) but the passwords, something else. I gave her a phony password.

        I then rushed to management — we are being AUDITED — there’s a woman running around the building collecting passwords. They collared her, dragged her into the office.
        They checked who her manager was at HQ. They called him, who dimly said, yeah, that’s the way we do things.

        THAT’S NOT HOW WE DO THEM HERE. She was ordered – SHRED HER LIST NOW. Then they sat down and since this was an e-mail conversion — you do them one employee at a time and you issue a temp generic, and the employee changes it.

        And you turn your back, and NO, you do not collect passwords.

  10. Jennifer*

    For #2, I know it stinks to hear it, but your “value” isn’t how valuable you rate yourself, or how much you’re willing to accept, it’s how much the market will pay for your role. A lot of it is based on scarcity, so if the market is over-saturated with people with similar skills, you are worth less to an employer. I’m honestly not trying to be flip, I just have worked with people who feel like they’re “worth more” when there people just as skilled who would do the job for less. “Worth more” is different than “need more.”

    1. Ask a Manager* Post author

      Exactly. This is precisely what “market value” means: what does the employer need to pay to fill the role with someone who brings roughly the same value that you do?

      1. Anonymous*

        unfortunately, value is has nothing to do with what anyone believes, it is all about what the market will bear

  11. Sira*

    I think a sort of related question to #6 is how to stand out when you are faced with an entirely automated, online system of this sort. For example, the federal government’s hiring is all done exclusively through usajobs.gov, which uses an extremely narrowly construed form. I’d love to see a post on how to work with these types of hiring apparatuses that limit you to such a narrow range of answers and don’t seem to have a human being to which you can address your application at any stage of the process.

    1. Joey*

      Well first you’ve got to meet every requirement and fill out everything no matter how minute. And really look at the job posting. Yes, some jobs are posted generically, but really study it to look for signs that the hiring manager altered it for this job
      posting. You can tell if the duties get real specific or descriptive or if youre lucky you might find and compare it to the generic job posting. Then you’ve got to try to find exactly what team the position belongs to. The more specifics you can find the more you can tailor your resume to be in alignment with their purpose/manager/function/goals,etc. It normally does no help to try to speak to someone unless you have contacts. Just know that the wheels of bureaucracy can turn very slow so once you apply forget about it. Most resumes aren’t reviewed until after the jobs closing date, but managers can sometimes take months to make calls/set up interviews for one reason or another so it’s better to completely block it out of your mind. Just know at some point someone is going to have to look at resumes and apps so you want to make sure you don’t get electronically screened out before a real person starts looking at resumes. If you dont have exact or really similar experience your chances aren’t that great. Pluses for previous govt, govt contractor, or military experience. Working in a bureaucratic environment is not for everyone so that’s always a consideration.

    2. anonymous #something*

      The Fed hiring system is all kinds of weird, definitely agree with you there. I think when I answered the questionnaire for a GS-7/Gs-9 position one of the answers one could put for some of the technical questions was “I’m considered an expert in my field by my peers…”. For an entry-level position (GS-7 for bachelor degree candidates, GS-9 master degree candidates) that’s one of the potential answers, talk about mind boggling…

      Just like with the private sector, the resume needs to customized for each job (and the Federal resume is longer). Even if you get referred you may face months of waiting to hear from HR. Just keep applying! That’s the name of the game with Fed hiring.

  12. ChristineH*

    Re #6: My problem with measuring yourself against an exact number for “years of experience” is how (as a candidate) to quantify it when what you’re experienced in wasn’t performed on a full-time basis; that is, in part-time jobs, short temp assignments or volunteer work. *So if I spent two years helping disabled veterans apply for social security benefits, but only did so 2-3 days per week, 4 hours each day, could I get screened out for not having “two years experience working with veterans”?

    *fictional example

    1. Anonymous*

      You’re over-thinking it. If you started working with widgets in 2010 and it is now 2012 and you still work with widgets, you’ve got 2 years of experience.

      Of course, you’ll have to demonstrate that you know a thing or two about widgets on your resume and during the interview process.

  13. anon-2*

    No one – REPEAT – NO ONE – repeat – NO ONE should have access to an account and password, except the owner of the account him/herself. If there’s a “master list” – or passwords are shared, or a manager compiles a list of them — you have compromised — no — DAMAGED, SACRIFICED, DESTROYED nearly all accountability over computing resources.

    An effective data security system will not store a “password list”. In fact, many packages prevent that capability, for the protection of the data security adminstration. And within effective data security systems, the passwords are encrypted, and even a “superuser” cannot access them. He can reset or suspend passwords, but not browse them.

    When I worked in data security, I didn’t want to know anyone’s password. I don’t know why anyone would want a “password list” or to know one’s subordinate’s passwords, unless he intended to do something evil.

    Every place I’ve worked — well, I’ll qualify that — the last 27 years of my career — any place I’ve worked never compiled a “list”. And anyplace where we learned that passwords were compromised, they would be reset.

    This question is weird in itself. No credible data security system would even discuss such an issue.

        1. anon-2*

          I worked at one place — two of us were IS/IT veterans. We had extreme concerns over a group using the same ID to log into a mainframe system.

          “But… but… everyone would have their OWN ID! And have to remember a password!” That’s right. And if anyone can’t do that, then they probably shouldn’t be working here.

          Well, we were ignored. Then, we had a disgruntled employee who left. On his last day, someone with this common-to-all, unsecured ID caused some malicious damage. Files deleted, etc.

          We could trace it back to the ID. There was no way we knew whose hands were on the keyboard. Management turned to us and said — “Well, could it be (that guy)”. Yeah, it could be him. It could be anyone else. IT COULD BE YOU.

          All we can tell you – it was a generic ID, and we don’t know WHO did the dirty deeds. Certainly, so-and-so had a grudge. But other people had resentments toward that guy, and might want to make it look like they were justified in passing him over / forcing his departure.

          Giving your boss your password is the same thing. Why would your boss want to go into the machine as you — if he was on the up and up? Three decades in computers, I still can’t find a legitimate reason.

  14. Chuck*

    Re: #6. The reason companies use automated application systems and screening questions is to protect themselves from government regulators. This is an unintended consequence of the gov’t’s desire to make things “fair.” (BTW, life isn’t fair.)

    Had the NBA used such a system, Jeremy Lin wouldn’t be playing.

    Automated application systems like this are not effective nor efficient; they only serve to protect a company from lawsuits.

    1. Lemony*

      True. So, if you want to work for my company, you’ll comply with our automated application system. Or go apply elsewhere.

  15. Cassie*

    #7: My boss answers his own phone, but if he’s out/in a meeting (or happens to be talking to me), I will pick it up. I usually say “Dr. So-and-So’s office, Cassie speaking”. It confirms that the caller has reached the right number. When I answer my own phone, I say the dept name (and don’t say my name) but I figure if someone is calling his number, they already know what dept/company he is in.

    Of course, sometimes we get people trying to reach the hospital or medical doc’s office.

Comments are closed.