This is a common problem we see in our industry. You hire somebody for IT (employed or contracted) and eventually when that person is terminated, quits or falls to illness or even death, your company IT comes to a grinding halt because you don’t have your passwords.
I’m not just referring to personal login information but passwords for all kinds of infrastructure items like domain controls, administrative logins for servers, ISP service login information, Hosting information, WiFi or even encrypted file passwords.
Years ago, we found it very common for IT contractors to withhold password information from the client in order to gain some leverage for final billing. We also found that sometimes this was cloaked in laziness and lack of understanding from the client side as to why the IT provider had all the info and the client had none. Either way, it is a scummy practice.
It is not unsimilar to website hosting companies that require you to register your domain through them and inevitably have ownership over your domain name and hosting service. This leads to the common occurrence of you losing rights to your own website if the provider feels unjustly slighted. They justify it by wrapping it up in their “all in one” service or “one stop shop” label but really what they are doing is holding you hostage to your own property.
As IT providers for the last 20 years, we have NEVER encouraged this kind of disgusting and dishonest type of blackmail and several of our clients converted to us after being the target of this type of activity.
Those types of providers make up excuses about cancellation fees and about being compensated for their time in some vague reference to the material they have created, but the reality is that the business model they are using does not credit customer property.
Essentially if somebody hires you to make something, develop something, design something in the IT world, it is their property. Unless you have a specific agreement AND have explained this to the client ahead of time, you cannot deny the customer access or control over their own information. Some leave it to the “fine print” in their contracts and hope that the client doesn’t have a lawyer review the paperwork which is often the case.
Now in the USA, a court has decided that an IT employee who left his employer without access to password and infrastructure information was committing a crime.
“Terry Childs was a network engineer in San Francisco, and he was the only employee with passwords to the network. After he was fired, he withheld the passwords from his former employer, preventing his employer from controlling its own network.”
So anytime you hire somebody to do something for you in the IT world, remember it is your right and expectation to have access to your own passwords and information even if the provider has a copy.
If you have any questions about this article, feel free to contact me anytime.