Employee Fired, Was Using Personal Account

Customer forum for LastPass Enterprise

Moderators: admin, azitnay, anatoly_LP, chantieLP, JoeSiegrist, robyn

Employee Fired, Was Using Personal Account

Postby Stupidscript » Thu Nov 20, 2014 2:50 pm

An employee who was recently fired used her personal LastPass account.

Her personal account now contains some of our company passwords.

Is there a way we can remove those passwords from her account?

Thank you in advance.
Stupidscript
 
Posts: 2
Joined: Thu Nov 20, 2014 2:46 pm

Re: Employee Fired, Was Using Personal Account

Postby chantieLP » Thu Nov 20, 2014 8:33 pm

If her personal account was never a part of the Enterprise account, you have no control over it, unfortunately. I would change those company passwords ASAP.

To prevent future situations like this, I would use some/all of these policies depending on your needs:
-Prohibit Linking Personal Account
-Prohibit Updating Personal Account

If her personal account was used within the Enterprise account and it is still attached to the Enterprise account, you might be able to snag those items if you had previously enabled the policy 'Super Admin Master Password Reset', which allows you to reset the Master Password and login with the new Master Password.
chantieLP
 
Posts: 107
Joined: Tue Aug 27, 2013 11:05 am

Re: Employee Fired, Was Using Personal Account

Postby Stupidscript » Fri Nov 21, 2014 12:25 pm

Thanks for your reply. I figured as much.

We'll take your advice.
Stupidscript
 
Posts: 2
Joined: Thu Nov 20, 2014 2:46 pm

Re: Employee Fired, Was Using Personal Account

Postby bimmerdriver » Sat Nov 22, 2014 2:41 pm

I find this question somewhat amazing. As part of the termination process, any accounts the employee was using should be closed. End of story. It makes no difference if the employee was using LastPass or not. Do you think the employee will simply frequently used accounts and passwords, just because they were terminated?
bimmerdriver
 
Posts: 61
Joined: Sat Sep 06, 2014 2:06 pm

Re: Employee Fired, Was Using Personal Account

Postby Lars » Sat Nov 22, 2014 2:51 pm

bimmerdriver Wrote:I find this question somewhat amazing. As part of the termination process, any accounts the employee was using should be closed. End of story. It makes no difference if the employee was using LastPass or not. Do you think the employee will simply frequently used accounts and passwords, just because they were terminated?

How do plan on closing a personal account, just because that person is no longer at the company? It's that persons own personal account!!
Lars
 
Posts: 2580
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: Employee Fired, Was Using Personal Account

Postby bimmerdriver » Sun Nov 23, 2014 2:24 pm

Lars Wrote:
bimmerdriver Wrote:I find this question somewhat amazing. As part of the termination process, any accounts the employee was using should be closed. End of story. It makes no difference if the employee was using LastPass or not. Do you think the employee will simply frequently used accounts and passwords, just because they were terminated?

How do plan on closing a personal account, just because that person is no longer at the company? It's that persons own personal account!!

We apparently are not understanding each other. When I say "account", I don't mean the lastpass account. What the employee is doing with lastpass should be of no concern to you whatsoever. Any employee account (i.e., login credentials) to a company computer system or network should have been closed immediately upon termination of the employee. Then, if the employee tries to access a company computer system or network, they won't get in anyway. If the company has computer systems that are "exposed" to the public, they should be behind a gateway with two-factor authentication. The other "personal accounts" the employee has in their personal lastpass account are irrelevant.

Does this make sense or am I missing your point?
bimmerdriver
 
Posts: 61
Joined: Sat Sep 06, 2014 2:06 pm

Re: Employee Fired, Was Using Personal Account

Postby Lars » Sun Nov 23, 2014 5:34 pm

OP clearly stated it was a personal LastPass account, nothing about a company account.
Lars
 
Posts: 2580
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: Employee Fired, Was Using Personal Account

Postby bimmerdriver » Sun Nov 23, 2014 6:05 pm

Lars Wrote:OP clearly stated it was a personal LastPass account, nothing about a company account.

Did you read what I said? It should not matter to OP that the employee had a lastpass account, even if it was used to store company information, at least not if the company has standard procedures to close any accounts used by employees when they leave or are terminated. For example, where I work, the only way to access company systems is either using a VPN with two-factor authentication or being physically connected to the company network, either using wired or wifi. On the network there are numerous systems including email, for which I also have login credentials. If I leave the company, they will disable all of my login credentials, both to access the network using the VPN or wifi, as well as internal systems. Even if I still have the credentials in my lastpass account, there will be no way for me to get in. It make no difference to the company whether I use lastpass or not, irrespective of whether my lastpass account is personal or enterprise. Even if I wasn't using lastpass, I could have written down the credentials or even memorized them. If OP's company cannot disable a former employees login credentials, they have a big problem.
Last edited by bimmerdriver on Sun Nov 23, 2014 6:12 pm, edited 1 time in total.
bimmerdriver
 
Posts: 61
Joined: Sat Sep 06, 2014 2:06 pm

Re: Employee Fired, Was Using Personal Account

Postby Lars » Sun Nov 23, 2014 6:12 pm

It would seem the company aren't in a position to exclude the user from accessing their systems, as long as the user has the passwords. Not all systems are designed the best of ways.
The OP was not asking about their internal security setup, but for a way to remove said passwords from the users personal LastPass account.
Lars
 
Posts: 2580
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: Employee Fired, Was Using Personal Account

Postby bimmerdriver » Sun Nov 23, 2014 6:15 pm

Lars Wrote:It would seem the company aren't in a position to exclude the user from accessing their systems, as long as the user has the passwords. Not all systems are designed the best of ways.
The OP was not asking about their internal security setup, but for a way to remove said passwords from the users personal LastPass account.

Then like I said, whether the employee was using lastpass or not, if the company cannot disable the credentials, they have a serious security problem. The employee could have written down the credentials or memorized them. Simply deleting such credentials from an employees's lastpass account does not remove the security problem.
bimmerdriver
 
Posts: 61
Joined: Sat Sep 06, 2014 2:06 pm

Next

Return to LastPass Enterprise

Who is online

Users browsing this forum: No registered users and 6 guests