I got a call yesterday (actually, multiple times yesterday) from our alarm company.
Apparently one of the devices in our system was reporting a problem.
The guy calls, identifies himself as being with the security company, informs me that one of the devices in my alarm system is reporting a problem … and then asks me for my password.
Excuse me? You call me and ask for my password? Sorry dude… that violates rule number one of security procedures: NEVER GIVE YOUR PASSWORD OUT. Especially when you are approached for it.
I have no way of being certian that this person is actually with the security company … how do I know that he’s not some guy phishing for my password … so that he can break into my house in a week, set off the alarm … and call the security company say it’s a false alarm and give the correct password.
So I tell the guy that I won’t give him my password … explain why, thank him for calling, and then tell him that I will call the central station to check on what the problem was.
I start to call the central station … and then my cell phone rings. I hang up on the central station and answer the cell phone. It’s the same guy.
I explain again that I won’t give him my password … and ask to speak to his supervisor.
I talk the supervisor for a while … explaining why this procedure of theirs is so terribly wrong. He agrees, and promises to forward my comments to managment.
Later on that evening … around 10:30 … I get yet ANOTHER call from the security company. This time a woman (not that makes a difference). She tells me that some devices on my system is yet again reporting a problem… and, of course, asks for my password.
<sigh> I explain, yet again, that I do not give my password out to people calling me claiming to be from the security company. She understands … gives me some general information about the problem (basically, something is broke … but the system won’t tell her what. Hmmm … sounds familiar … I deal with that kind of thing every day). I tell her that I will call the central station on Monday and setup a service call. She asks again for my password … which I won’t give her.
Then she does something that I didn’t expect. She gave me some useful information.
Turns out there may be a option that I can use to have the security company give a password when they call me. That way I can be assured they are indeed legitimate.
I thanked her for the very useful information … and indicated I would pursue that when I called on Monday to setup the service call.