Troubleshooting a forgotten password and a surly end-user

In this IT tale, an employee's technical ineptitude and disrespect toward the IT staff make for a nightmarish encounter

I work in the IT department for a large medical office, and the employees who deal directly with patients' health and insurance claims work in a high-stress environment, which can lead to emotional encounters.

Once while I was manning the phones at the help desk during lunchtime, I had the unfortunate task of helping a doctor troubleshoot his VPN connection. At the time, we were using Cisco for VPN tunneling and Citrix Metaframe for application access. Some of the applications would work well if a VPN connection was established without using Citrix (like this doctor's connection), while others had to use Citrix.

[ Want to cash in on your IT experiences? InfoWorld is looking for an amazing or amusing IT adventure, lesson learned, war story from the trenches, or an instance when something went very right. Send your story to offtherecord@infoworld.com. If we publish it, we'll send you a $50 American Express gift cheque. ]

In this case, the doctor forgot his password to not only the application he needed to access in order to approve cases, but also to his VPN and Citrix accounts. I asked him for his credentials so that I could reset his account.

"I can't do that," he replied. "Sir, I need your log-in name so that I can reset the account," I said. He replied, "But it is confidential and private information." I assured him that this was for verification purposes only and in no way would I undermine the security of his account. This went on for 45 minutes.

The application the doctor needed to access was a 20-year-old Unix-based application used to approve or review medical cases. The search function did not allow us to look up a user by name, but by user ID. At one time, the ID creation was standardized (first initial, middle initial, last initial, followed by a number if needed), but it had stopped being a standard for quite some time.

As I listened to him yelling and carrying on, I scrolled through all 4,000-plus names until I found his. I reset his password, advised him of what it was changed to, and told him that he could now access the VPN. For a second, he was silent, then yelled, "I didn't ask you to change it! Why did you change it?" followed by a few expletives and demands to speak to my supervisor.

[ Tired of being told to do more with less? Participate in InfoWorld's Slow IT movement: Rant on our wailing wall. Read the Slow IT manifesto. Trade Slow IT tips and techniques in our discussion group. Get Slow IT shirts, mugs, and more goodies. ]

At this point, I was exasperated. I placed him on hold and took a deep breath -- and to my surprise, saw my supervisor return from lunch. I asked her to come over, explained to her why there were 10 calls in the queue, and she took the call off my hands.

An hour later, she came back to my desk with red cheeks and almost-red eyes. She told me not to worry and that he was all set. She then proceeded to listen to the recorded call -- and brought HR into the mix.

As it turned out, the help desk call that I'd been involved with was just one in a pile of complaints filed against the doctor. He ended up being fired from the organization for gross misconduct, negligence, and abuse that he dished out to the staff. He lost his license due to a sexual harassment case a patient filed against him. Ironically enough, the patient who sued him was my supervisor's cousin. What a small world.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies