Today, I was asked by my employer for my GitHub password. This is something I'm not willing to give out, especially since I work on other projects (outside of work) and am not willing to compromise anyone's data.
Anyone have any advice on how to respond to this request?
This may be more of a rant here:
I ask this because the manager in question demands passwords from everyone for every bit of software and every single device their subordinates use. That data is kept on a spreadsheet right on their desktop!!! They also remote in to work devices using unsecure software and I'm basically waiting for the next data hack.
- This has progressed a little more than I thought it would.
- I let me employer know that I am responsible for more data than just their company's and I am not willing to compromise anyone's data. As it would be a security issue for me to disclose my password, I am unable to provide my login credentials to them.
- Within 5 minutes of that, two managers have now scheduled to have a meeting with me regarding this.
- This seems awfully strange. I'll keep updating as new events unfold.
- Wow! Thank you everyone for responding! Ended up getting an engineering team together to educate the management on the risks of their current system.
- It sounds like management is going to take this advice to change their password control situation. Sounds like they were not used to hearing "no" (more or less) from an employee.
Wow, I got similar question from my very first employer. I tried to convince them that its not a good Idea and I can share any projects or things they really are interested in with them. They didn't agree to listen or have any further conversation. I raised it to my manager, even he was helpless because of internal politics. It was a very strange thing for me even though I was just a college grad then.
I told them I will share in some time. After few minutes, I sent out an email keeping my team members, manager and US based manager in CC with title: "My Github Password"
As discussed, I am sharing my password with you as you need it for some undisclosable business and my manager has no say in it.
Here's my password: "Le@rnEthics&EmployeeIntegrity"
The Terms of Service are probably your best defence here: help.github.com/articles/github-terms-of-se..
“An "Account" represents your legal relationship with GitHub. A “User Account” represents an individual User’s authorization to log in to and use the Service and serves as a User’s identity on GitHub”
“You are responsible for all content posted and activity that occurs under your Account (even when content is posted by others who have Accounts under your Account).”
“You retain ownership of and responsibility for Your Content. If you're posting anything you did not create yourself or do not own the rights to, you agree that you are responsible for any Content you post;”
And most importantly: “Your login may only be used by one person — i.e., a single login may not be shared by multiple people.”