My kids are constantly losing things. Toys, books, their jackets, etc. Thanks to password keychains on our home computer, the one thing they don’t lose access to is their Club Penguin accounts.
If only the same could be said for so many people managing websites and web-based accounts on behalf of their organization.
Here’s a real-life example. I have a client who lost the password to one of their critical web-based tools. They tried everything they could think of to remember the username and password and got locked out after too many unsuccessful login attempts. They contacted customer support, who promptly e-mailed password recovery options to the e-mail address on record when the account was established.
However, that e-mail address was of an employee who hasn’t worked at the organization in over a year. That e-mail box is gone. No password recovery. (insert sad sound effect here)
That screeching sound you just heard is the brakes being put on all the work they need to do in that online tool while the mess gets sorted out.
There has been much written about not letting interns set up your social media accounts or the fact that Facebook used to allow eternal admin rights to a page creator regardless of that person’s affiliation with the organization or page (which has thankfully been changed).
But here’s another thing to consider when having your team set up these accounts: people leave jobs. Even trusted, valuable, loyal people.
Your webmaster or marketing director who set up your Google Analytics, YouTube, Flickr, Facebook, LinkedIn pages and controls your online presence may call you tomorrow to tell you they won the lottery and won’t be coming in. Or you might have layoffs and your HR policy requires you to immediately lock that person out of their systems access.
Here’s where internet policy and web governance are critical.
First, when managing the website and online tools, create a generic e-mail box that system administrators can always have ready access to – something like a firstname.lastname@example.org. Make sure that this is the primary e-mail address associated with those accounts. Also, make sure to add to your internet usage policies that staff may not set up accounts for critical business tools under their personal e-mails.
Next, go back and look at all your accounts. What’s the primary e-mail associated with each account? Quickly change them all to your master generic account. If you want to segment access and allow staff access to specific web-based tools, buy additional licenses or set them up as secondary users.
As for that client? They’ll be fine. Through a friend of a friend we’ll eventually be able to reset that password so they can have access and continue their work. But it has stalled their work and is going to take a couple of weeks to sort out.
But with some foresight and planning, the whole mess could have been avoided.