Repairs and passwords

C

chiskop

Executive Member
Joined
Mar 17, 2006
Messages
9,214
Reaction score
380
Location
Kensington, JHB
My laptop is currently back at the distributors for under-warranty repairs - the motherboard seems to have died. When I dropped it off I had to fill in a form that included a field for the computer's login details, eg. username and password.

I declined to fill this in, pointing out that there wasn't a problem with the hard drive.

The guy I was leaving my computer with got a little edgy, saying that it was compulsory to give them my access details for "testing". Eventually, they removed my hdd, replaced it with their own stock hdd (presumably so they could tick the testing boxes) and threatened that if there was ever a problem with my hdd that it wouldn't be covered under the warranty.

So, I have a couple of questions for you:
  1. Is this a standard practise?
  2. Would you hand over your password? I spoke to one of the managers later, he said that in the last couple of years there had been < 5 people who didn't want to divulge their password.
  3. I'm no technician, but surely you can check the integrity of an hdd without mounting it?

When you pay a restaurant bill by credit card these days, the transaction is processed in front of you. Why should I be required to open up my laptop, with all my personal, banking and work data, to some technician that I'll never see, who has unfettered, unsupervised access to my computer for 7 - 14 days?

Or am I just being obstreperous which is also a distinct possibility?
 
chiskop said:
My laptop is currently back at the distributors for under-warranty repairs - the motherboard seems to have died. When I dropped it off I had to fill in a form that included a field for the computer's login details, eg. username and password.

I declined to fill this in, pointing out that there wasn't a problem with the hard drive.

The guy I was leaving my computer with got a little edgy, saying that it was compulsory to give them my access details for "testing". Eventually, they removed my hdd, replaced it with their own stock hdd (presumably so they could tick the testing boxes) and threatened that if there was ever a problem with my hdd that it wouldn't be covered under the warranty.

So, I have a couple of questions for you:
  1. Is this a standard practise?
  2. Would you hand over your password? I spoke to one of the managers later, he said that in the last couple of years there had been < 5 people who didn't want to divulge their password.
  3. I'm no technician, but surely you can check the integrity of an hdd without mounting it?

When you pay a restaurant bill by credit card these days, the transaction is processed in front of you. Why should I be required to open up my laptop, with all my personal, banking and work data, to some technician that I'll never see, who has unfettered, unsupervised access to my computer for 7 - 14 days?

Or am I just being obstreperous which is also a distinct possibility?
Click to expand...

Yes it is standard practise
No, Not if the data is sensitive.

If it is sensitive information then you do not have to give them any password. You have to then state clearly that there is no requirement to change or work on the operating system. The reason they do need to enter the operating system is if there is a driver problem in windows causing a issue. As I presume you refer to a hardware issue, The unit can be checked and tested from the Dos Prompt. No operating system is required to do that.

Or am I just being obstreperous which is also a distinct possibility?
Click to expand...

Again only if the data is not sensitive. Let them test the unit with their hard drive and only if they claim its a windows operating system issue do you need to give them the password to work on the operating system. If it is a hard drive problem then they will most probably anyway just reformat and wipe the disk clean as that is mostly standard practise, with the excuse the data could not be saved.

Anyway if they realy want to access the hard drive they can. I have a disc that can open a windows system and reset the passwords. Full access to the disk is then possible. So on all counts you are exposed. If data is really that sensitive it is best to erase the disk, ask them to do it, and reload the operating system. Just hope you have a backup IF needed.
 
Last edited:
Thanks Uno. I'm a little surprised that this is standard practise, and that more people don't have a problem with it.

A few clarifications:
1. It is not a windows OS, if I gave them the passwords I have my doubts whether they'd actually be able to do anything anyway :rolleyes: (But this is not a windows/linux issue - I wouldn't share my password no matter the OS)
2. It's not like I have state secrets on my laptop. Just personal correspondence, financial and other personal data, and client work. And any of that that is really confidential is behind another password. But I don't understand why they'd need to look in the first place.
3. And yeah, I have backups - a week old so I'd lose a little but that is not a huge concern. I just don't see the need for them to be poking around on my hdd.
 
chiskop said:
Thanks Uno. I'm a little surprised that this is standard practise, and that more people don't have a problem with it.

A few clarifications:
1. It is not a windows OS, if I gave them the passwords I have my doubts whether they'd actually be able to do anything anyway :rolleyes: (But this is not a windows/linux issue - I wouldn't share my password no matter the OS)
2. It's not like I have state secrets on my laptop. Just personal correspondence, financial and other personal data, and client work. And any of that that is really confidential is behind another password. But I don't understand why they'd need to look in the first place.
3. And yeah, I have backups - a week old so I'd lose a little but that is not a huge concern. I just don't see the need for them to be poking around on my hdd.
Click to expand...

Then tell them to reformat the drive if that is the case that you do have a backup.

Normal practice with these companies charging minimum R250.00+ an hour and all they do is reformat the drive and reload windows + the cost of any hardware they "had" to change. It is quicker and easier than to waste time with windows issues like say someone was brave enough to load Norton scrapware.

Anyway i hope you come right.
 
I have the same heated arguments when phoning IS about ADSL problems and being asked for my ADSL user name and password.
I refuse.
They argue.
I refuse.
They eventually go off and return later and tell me it was an error on their routers or whatever.

Passwords are YOURS - no one else's.
 
On a laptop you must always work as if it can be taken from you at any time. Use encryption to store sensitive data. Have easy backup systems in place. A lot can happen with a laptop that can expose you at the drop of a hat. Be prepared.
 
BeVonk! said:
On a laptop you must always work as if it can be taken from you at any time. Use encryption to store sensitive data. Have easy backup systems in place. A lot can happen with a laptop that can expose you at the drop of a hat. Be prepared.
Click to expand...

Good advice, and all precautions that I do take. However, giving up the first layer of that protection when there is no reason for it doesn't seem sensible to me. If I'm just going to give my password away, I may as well not use a password.

For sure, the first thing I will do when I take my laptop back is to create a locked down guest account that will allow them access to the OS, but prevent access to anything that I don't think they need to see.
 
Last edited:
BeVonk! said:
On a laptop you must always work as if it can be taken from you at any time. Use encryption to store sensitive data. Have easy backup systems in place. A lot can happen with a laptop that can expose you at the drop of a hat. Be prepared.
Click to expand...

to a point.
Someone with access to the notebook for a week is different to a thug that steals one.

The former can install software to monitor for the password on the encrypted "drive". The latter cannot.

Giving away that much control on a machine for a limited period is not smart.
 
Well, i would do one or more of the following :

a] Create a dummy local account for them to log in, i wouldn't give them my work/network [windows authentication] account details.
b] Not leave any sensitive data on there anyway [encrypt them at least with somthing like TrueCrypt]

Also, keep in mind, we're talking -OS- password here. If i was a technician requiring to test, i would not NEED your windows [or any other OS] password. No one ever heard of LIVE-BOOT-DISCS ??? Linux started this trend, you can boot an entire OS from a USB/DVD these days and *gasp* bypass your local OS with direct access to your HD. You get the same for Windows [booting your version of windows from a HD/USB/DVD] . Back in the DOS days, you also got a little DOS floppy with all your testing/repair tools on them......why aren't techies using that?

So imho, they shouldn't NEED your passwords, they shouldn't NEED to boot your OS.

In fact, to get to your data, you don't need to go into windows anyway.....[it's called external enclosure + usb and your HD just became a "large storage device" to be plugged into any pc they want]

So if a technician asks me that, then i know they're not very good. Not even -i- [some home diy techie] rely on logging into windows when i'm doing hardware repairs/mods, so why should they?


EDIT: In fact, now that i think of it, they should not be using your OS for anything...what if i had Linux on there? Do they have Linux test software?
 
Last edited:
we ask the clients to create a limited user account before sending the machine in for repairs.

there are a number of good reasons for doing this.
i'll explain a few, why not:-)
ok, so you replace motherboard, woopee....and now how do you test the software-based modem from a dos prompt? answer: you cant, you need windows for this.
fine, so why cant you use a test hard drive set up for that purpose? answer: of course we can, but that isnt your drive, so when YOU get the machine back and something doesnt work and you start blaming me for not doing my job then I'll tell you to go take a hike and they we get the equivalent of bad feedback.
with a limited user account at least i have view rights to device manager, so i can make sure that your software will work when you get your machine back.

many many many people cant distinguish between hardware and software faults....just that "biteme fixed my computer and now the sound card isnt working" (maybe, replaced motherboard with an equivalent which had different sound chip...

people are weird.
you wont believe how weird
 
diabolus said:
Also, keep in mind, we're talking -OS- password here. If i was a technician requiring to test, i would not NEED your windows [or any other OS] password. No one ever heard of LIVE-BOOT-DISCS ??? Linux started this trend, you can boot an entire OS from a USB/DVD these days and *gasp* bypass your local OS with direct access to your HD. You get the same for Windows [booting your version of windows from a HD/USB/DVD] . Back in the DOS days, you also got a little DOS floppy with all your testing/repair tools on them......why aren't techies using that?

So imho, they shouldn't NEED your passwords, they shouldn't NEED to boot your OS.
...
EDIT: In fact, now that i think of it, they should not be using your OS for anything...what if i had Linux on there? Do they have Linux test software?
Click to expand...

That's what I was wondering, surely you can run fsck or whatever else you'd need off a live cd.

As it is, I do have linux on there, but the problem doesn't lie with either my OS or hdd.
 
I keep a guest account set up and encrypt sensitive data.
 
BiteMe said:
we ask the clients to create a limited user account before sending the machine in for repairs.
Click to expand...
It's a little tricky doing this without a motherboard, but yeah, it's a good idea.
BiteMe said:
ok, so you replace motherboard, woopee....and now how do you test the software-based modem from a dos prompt? answer: you cant, you need windows for this.
fine, so why cant you use a test hard drive set up for that purpose? answer: of course we can, but that isnt your drive, so when YOU get the machine back and something doesnt work and you start blaming me for not doing my job then I'll tell you to go take a hike and they we get the equivalent of bad feedback.
with a limited user account at least i have view rights to device manager, so i can make sure that your software will work when you get your machine back.

many many many people cant distinguish between hardware and software faults....just that "biteme fixed my computer and now the sound card isnt working" (maybe, replaced motherboard with an equivalent which had different sound chip...
Click to expand...

As already pointed out, I'm using linux - so they're not about to test my (in this case non-existent) soft-modem anyway.
 
chiskop lets just say if you dont want to send in yoru hard drive then it is also cool, we just fax a disclaimer for you to sign saying so, to protect us and you.

after being in business for many many years this is what is required, sorry man, blame fellow citizens for trying to do dodgys.
 
[The word "you" in the rest of this post is not personally directed - too lazy to use "one" and so on :D]

Just like most other repair professionals - hardware repair companies need to stop being so arrogant.

I need my geyser fixed? You come to me and I let you into my house - you do not just ask for the keys and say you will "come over sometime". When people's personal data or "stuff" is involved, the rules change. I am not dropping my car off for a service - I am handing you my life.
 
BiteMe said:
chiskop lets just say if you dont want to send in yoru hard drive then it is also cool, we just fax a disclaimer for you to sign saying so, to protect us and you.
Click to expand...

Which is what eventually happened. I was a little surprised that they require the password for all cases, and that they had no way of dealing with a customer who didn't wish to share his password. And also that, according to them, so few people have a problem with this.
 
Moederloos said:
I need my geyser fixed? You come to me and I let you into my house - you do not just ask for the keys and say you will "come over sometime". When people's personal data or "stuff" is involved, the rules change. I am not dropping my car off for a service - I am handing you my life.
Click to expand...

That's it exactly. When someone repairs my geyser, I don't give them the keys to my safe.
 
BiteMe said:
we ask the clients to create a limited user account before sending the machine in for repairs.

there are a number of good reasons for doing this.
i'll explain a few, why not:-)
ok, so you replace motherboard, woopee....and now how do you test the software-based modem from a dos prompt? answer: you cant, you need windows for this.
fine, so why cant you use a test hard drive set up for that purpose? answer: of course we can, but that isnt your drive, so when YOU get the machine back and something doesnt work and you start blaming me for not doing my job then I'll tell you to go take a hike and they we get the equivalent of bad feedback.
with a limited user account at least i have view rights to device manager, so i can make sure that your software will work when you get your machine back.

many many many people cant distinguish between hardware and software faults....just that "biteme fixed my computer and now the sound card isnt working" (maybe, replaced motherboard with an equivalent which had different sound chip...

people are weird.
you wont believe how weird
Click to expand...

I'm with you on this. I think it's necessary to have the password. Lots of time I need to install Drivers on the Clients OS or setup their dialup connection and test it before handing back the PC to the Client.

Sure I can boot with a Live CD Run Anvirus Scans & System Utilities, but if the client has a problem with some hardware I need to check for the cause and that means requiring their password.
 
i am happy that all you guys can easily distinguish between your hardware and your software.
just please understand that repair companies deal with the entire population, not just those 5% that can tell the difference. i would say the removal of harddrive+disclaimer is standard amongst those companies i know.
if you bring yoruselves down to the level fo the average computer user, you can quite easily see why this is necessary, but maybe doesnt apply to yourselves, there are two tiers of user, those that know, adn those that dont.

those that dont know, are likely to phone you up a week later and say "i just received my computer back, and now my printer doesnt print." and the repair company is now liable to go out and see what is going on, because else it ends in bad customer relations or a lawsuit, or you end up returning the machine at your own cost, none of these 3 options leads to a long time in this business...you will go bust.
and no, tech support cant fix all software problems over the phone, and no, end users cant reinstall windows themselves.
if you can reinstall windows, then pat yourself on the back, as you are no longer a typical end user
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X