Daily Archives: 10-October-2004

Alarm systems and passwords

I got a call yesterday (actually, multiple times yesterday) from our alarm company.

Apparently one of the devices in our system was reporting a problem.

The guy calls, identifies himself as being with the security company, informs me that one of the devices in my alarm system is reporting a problem … and then asks me for my password.

Excuse me? You call me and ask for my password? Sorry dude… that violates rule number one of security procedures: NEVER GIVE YOUR PASSWORD OUT. Especially when you are approached for it.

I have no way of being certian that this person is actually with the security company … how do I know that he’s not some guy phishing for my password … so that he can break into my house in a week, set off the alarm … and call the security company say it’s a false alarm and give the correct password.

So I tell the guy that I won’t give him my password … explain why, thank him for calling, and then tell him that I will call the central station to check on what the problem was.

I start to call the central station … and then my cell phone rings. I hang up on the central station and answer the cell phone. It’s the same guy.

I explain again that I won’t give him my password … and ask to speak to his supervisor.

I talk the supervisor for a while … explaining why this procedure of theirs is so terribly wrong. He agrees, and promises to forward my comments to managment.
Continue reading