Today, I was asked by my employer for my GitHub password. This is something I’m not willing to give out, especially since I work on other projects (outside of work) and am not willing to compromise anyone’s data.
Does anyone have any advice on how to respond to this request?
This may be more of a rant here:
I ask this because the manager in question demands passwords from everyone for every bit of software and every single device their subordinates use. That data is kept on a spreadsheet right on their desktop!!! They also remote in to work devices using insecure software and I’m basically waiting for the next data hack.
UPDATE 1
UPDATE 2
The answer which received the most appreciations was written by Terence Eden.
I’m going to respectfully disagree with the other answers. Jobs are hard to come by, and sometimes we have to stay in abusive relationships in order to put food on the table.
Your long-term plan should be to leave this company, or get them to change their policies.
Your short-term plan is this:
Your employer will not be able to log in without your 2FA code, and you’ll be able to check for failed login attempts.
To be clear — this is not a long-term practical solution. If you work in a large company, you should contact their information security team. If you work in a regulated environment, you should discuss this with your regulators.
If you are being threatened or bullied, talk to your Trade Union to see how they can help.
And, of course, start looking for a new job.
Ultimately, no, you shouldn’t have to hand over your password. But 2FA will give you some protection and some breathing room until you can find a better solution.
Read the rest of the answers on Hashnode and let us know what you would do in this situation.