User at this big insurance company calls the help desk because, in an effort to avoid getting locked out of her account while she's on vacation, she's managed to lock herself out before going on vacation, reports the pilot fish who takes the call.
"She's in our document scanning and archive facility, and I unlocked her account and started the password reset procedure," says fish.
"As per policy, I looked her up in the employment verification database to ask her for some personally identifiable information before I could reset her password."
But this employee isn't there. She's a temp, which means no one has bothered to collect the necessary authentication info and put it in the database.
OK, fish knows what to do in this case: Verify the temp's identity by asking a regular full-time employee to vouch that fish is talking to the person this seems to be.
That's especially important given that this user is working in the area where paper copies of policies and other protected data are stored and scanned. In this case, being able to verify who's accessing what, and when, isn't an option -- it's required.
"Unfortunately, my caller didn't quite see it that way," fish says. "Her line of thinking was that they were all company employees out there, and we shouldn't need to ask them anything."
Fish patiently explains the need for the requirement. But the temp -- already irritated at having locked herself out of her own account and apparently really needing that upcoming vacation -- is having none of it.
Fish tries repeatedly, in as many ways as possible, to just get the temp to hand the phone to another employee. That way fish can look up that employee's name, ask the security questions, and then get confirmation that the temp is, indeed, the temp.
But it's soon clear that this isn't going to happen -- and the call is about to erupt into a full-blown argument.
What to do? "I changed the subject, and gave her the new, system-generated password so she could get logged in for the day," says fish.
"She disconnected in a huff, but we were later able to verify a user with no validation questions we could ask her."
Connect with Sharky. Send me your true tale of IT life at email@example.com. You'll snag a snazzy Shark shirt if I use it. Add your comments below, and read some great old tales in the Sharkives.
Get your daily dose of out-takes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.