Is my password safe?

rock_0335
rock_0335 used Ask the Experts™
on
I work from home and use my personal PC to log into the work servers through Citrix web plugin. When I first got the job I was assigned a username, but I chose my own password to log into the company servers. The password is used to be able to log into the virtual desktop, as well as one other program that I use that is password protected. Is this password private, or do you think the IT people have access to it?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Certain IT people usually have access to just about any passwords for systems you have access to. That said they can't necessarily see what your password is (this varies by system) but could probably reset it to something else if they really WANTED to. But it is incredibly unethical (and more often than not against company policy) to abuse that knowledge/ability.

Commented:
It does not matter what password you choose or not choose, senior network infrastructure officers will always have access to you files.

But why are you asking? Are you planning for a felony? :D

Author

Commented:
Haha, not quite. I actually use the same password elsewhere (I know, that's not the smartest) that I use to log into work from home. I don't care if they can see my files and log in as my account. I just want to know if they know the specific password that I used... if so I will change the other places that I use it on  :O
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Commented:
A) It's not a good idea to use the same password for everything (for the exact reason you're describing - someone gets it from one place and they can access everything of yours).

B) Like I said, it varies by system if they can actually see what your password is from the admin side... but those situations are EXTREMELY rare. More often than not, it is masked by **** if they see anything but they then have the ability to reset as needed.

Commented:
Well, in that case, no. They can't see it. But, funnily enough, if an admin has bad heart for you, he/she will be able to crack the *encrypted* form of your password.

Why they wouldn't do that already? Just because admins do not have time for it :D It is a tedious and a time-consuming operation that could take months to finish (depending on the length of your password). So they need more than a real motive to do that.
Carl WebsterCitrix Technology Professional - Fellow
Top Expert 2010

Commented:
An admin cannot see your password IF the traffic is encrypted.  They could use a password cracker, like Rainbow crack, and find a password if they really wanted to but that would require physical access to some file that has a cached copy of your password.  I really believe most admins have to many other things to worry about than sniffing passwords.

Author

Commented:
Yeah, I log into the work servers using https. Then open up the virtual desktop, so I believe that's encrypted right?
Citrix Technology Professional - Fellow
Top Expert 2010
Commented:
Yep and if the login is Active Directory then your password is protected and the admin would have to have offline physical access to the AD database to run a crack program.  I have been involved with project and know other consultants who have been involved with legally cracking the AD database for passwords.  It is used to show C level mgmt just how weak their user's passwords are.  Usually 95% of passwords are cracked in less than 5 minutes and 99% of them are cracked in less than 1 hour.

BUT, all that required running the Rainbow crack stuff on multiple computers for days or weeks to generate the entire Rainbow dictionary.  In other words, way to much trouble to go thru for the avg admin who may want to obtain a user's pwd.  Running the stuff to obtain the full Rainbow crack database on an avg PC would take many months.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial