Oct 10 2004

Alarm systems and passwords

I got a call yesterday (actually, multiple times yesterday) from our alarm company.

Apparently one of the devices in our system was reporting a problem.

The guy calls, identifies himself as being with the security company, informs me that one of the devices in my alarm system is reporting a problem … and then asks me for my password.

Excuse me? You call me and ask for my password? Sorry dude… that violates rule number one of security procedures: NEVER GIVE YOUR PASSWORD OUT. Especially when you are approached for it.

I have no way of being certain that this person is actually with the security company … how do I know that he’s not some guy phishing for my password … so that he can break into my house in a week, set off the alarm … and call the security company, say it’s a false alarm, and give the correct password.

So I tell the guy that I won’t give him my password … explain why, thank him for calling, and then tell him that I will call the central station to check on what the problem was.

I start to call the central station … and then my cell phone rings. I hang up on the central station and answer the cell phone. It’s the same guy.

I explain again that I won’t give him my password … and ask to speak to his supervisor.

I talk to the supervisor for a while … explaining why this procedure of theirs is so terribly wrong. He agrees, and promises to forward my comments to management.

Later on that evening … around 10:30 … I get yet ANOTHER call from the security company. This time a woman (not that that makes a difference). She tells me that some devices on my system are yet again reporting a problem… and, of course, asks for my password.

<sigh> I explain, yet again, that I do not give my password out to people calling me claiming to be from the security company. She understands … gives me some general information about the problem (basically, something is broke … but the system won’t tell her what. Hmmm … sounds familiar … I deal with that kind of thing every day). I tell her that I will call the central station on Monday and set up a service call. She asks again for my password … which I won’t give her.

Then she does something that I didn’t expect. She gave me some useful information.

Turns out there may be an option that I can use to have the security company give a password when they call me. That way I can be assured they are indeed legitimate.

I thanked her for the very useful information … and indicated I would pursue that when I called on Monday to set up the service call.

