What is "Two Factor Authentication"?

On the heels of last Friday's post, we're going to continue our discussion of security. I know that normally today would be "Beginner Monday", but this is something that ALL users need to embrace - new, intermediate and advanced alike.

If you haven't already, please read Friday's post on passwords. We'll wait.

Done? Got it? Good. Moving on.

So what is a "factor"?

So, in terms of computer security (and most other security), there are three factors that govern security: 

• Something you know (username, password, passphrase, PIN, secret code)
• Something you have (decoder ring, security "dongle", smartphone, security badge, etc.)
• Something you are (fingerprint, retinal scan, dna scan)

All security falls into one or more of these three categories. How they're implemented changes, though.

So, my username and password - that's two-factor, right?

Wrong.

See, both your username and your password are something you know. That's one factor. Even though it's two separate things to know, they're both still something known. That makes it ONE factor authentication.

So how do I use this newfangled two-factor authentimication?

So, to use two-factor authentication, you need to use at least two of three categories. Due to the high cost of implementing the last one, most consumer systems stick to Something you Know, and Something you Have. The two biggest sites using this system are Google and Facebook (arguably the two richest internet companies in the world, and definitely the two most widely used by users).

So the first factor is easiest - something you know - your username and password. You probably already go this set up. The second factor is something you typically have to activate after registration. Most systems do not have this turned on by default. 

In Google, you need to go into your account settings, under "Security", and turn on 2-factor authentication. You will need a smart phone or at least one with text messaging, to work. There are alternative ways to make this work without one, you can read about them on Lifehacker.

Why all the big hubub about passwords?

1/5/12 - 45,000 Facebook passwords compromised

2/13/12 - Millions of passwords compromised from Microsoft India's site

6/6/12 - Six million passwords were stolen from LinkedIn website, compromising these users.

6/6/12 - 1.5 million passwords were compromised of dating site, eHarmony

11/14/12 - Millions of Skype passwords compromised

11/21/12 - One password stolen, causing the state of South Carolina to "lose" tax details for over 700,000 businesses statewide

5/12/12 - Stolen password allows a compromise of 1.1 Million users' data with Nationwide Insurance

And Experian has apparently had 80+ known security breaches of passwords, causing an ongoing investigation into all three major credit reporting companies.

These are a mere fraction of the ongoing attacks worldwide to online accounts. And these are just a tiny bit of the successful ones. Passwords are big business for the unethical computer geek. 

And the weakest link? YOU.

That's right - the weakest part of any security system is the users, both administrative and end-user alike. Don't take this an an insult; take it as a lesson you need to learn, and implement NOW. You see, there's a special type of computer attack, called "Social Engineering". And the interesting part is that it doesn't actually have to use a computer at all, though it often does, as we'll see later.

The movie-myth version of a hacker (actually properly known as a "cracker") sitting in front of a keyboard, typing furiously for hours to break into a Gibson computer and bring down the company is generally erroneous. But the Hackers movie has two things right: the weak password ("God"), and when Zero Cool/Crash Override calls the security guard and gets the number to the dial-up modem.

Whoops.

Social Engineering is defined on Wikipedia as:

"...the art of manipulating people into performing actions or divulging confidential information. While it is similar to a confidence trick or simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims."

In other words, they trick you into giving up some vital piece of information, often your password, or details to figure it out. Or they get you to reveal private details like your username. They might call you, email you, or text you.

In the movie, Crash Override tricks the guard into giving up a vital piece of information, allowing him to take over the TV network.

Okay, so that's Social Engineering. What about the title of this post (Passwords)?

See, passwords are often the only thing that separates crackers from getting into your account. Once that's gained, it's way too easy. 

So, you need a strong password. But what's considered "strong"? Basically, if any part of the password is found in the dictionary, it's a bad password. But you can't have a random string of characters and expect to remember it (well, most people can't, anyway). So you need a password that's hard to guess - even if the cracker has access to a 25-GPU Cluster that can make 63 billion guesses per second.

That's why it's important to make a STRONG password, not just an "okay" one.

What makes a strong password?

Generally, it's not complexity (though that's still a factor). It's LENGTH. Many systems still require only six character minimum. Some require eight. With today's technology, that's not nearly enough. Aim for TWELVE if you can. Maybe more. While most systems do have a maximum amount of characters, this number is very high (like 45+ characters), so you rarely need to worry about having too much.

The general requirements for complexity are that you need three out of the following four categories:

• Upper case letters (A-Z)
• Lower case letters (a-z)
• Numbers (0-9)
• Special Characters (@, #, !, &, *, and so on...)

You should have all four of these categories, even if your system doesn't require it. Also, don't make semi-obvious replacements (using @ for "a", as an example). 

What other items should I avoid when making a password?

Well, avoid keyboard patterns. I work as a desktop technician, and there was one point we had to gather every field users' passwords. Since they don't handle highly sensitive data, this wasn't a major issue, but we got to see what types of passwords are being used. Here are some examples:

• Password4
• Password9
• Password99
• P@ssword1
• <usersname>1
• <companysname>1
• <dogsname>1
• Poiuytrewq1
• pl,okmijn

So they get from absurdly simple (and UNBELIEVABLY easy to crack), to relatively easy-to-find information (user name, company's name, pet's name), to...wait...what are those last two? They appear sufficiently random, don't they?

Nope. Look at any US keyboard, and check those keys in the order given. See any patterns emerging? We saw a lot of this, and people think they're being clever. The problem is that crackers are generally more so.

So let's avoid easily-guessable patterns and standard words as password bases, mkay?

Okay, so what can we do to get a strong, but memorable password?

First off, forget the word "password". Try to think in terms of "passphrase". In fact, many Linux systems are already thinking in this capacity.

Instead of a word, try thinking of a nonsense phrase. An example is "Correct horse battery staple". That's from a now-famous strip on XKCD, talking about how what seems to be a complex password might not be. It also shows how to make something nonsensical and somehow easy to remember. Throw in a number or special character, and now it's relatively impossible to crack (I say "relatively", because no password is truly impossible to crack - it just takes a LOT longer). 

So if I choose a nonsense phrase as my password (er...sorry, passphrase), why do I need to change it periodically?

Well, this is a two-part deal. 

First, if a cracker gets access to your account and you don't know, changing your password will immediately cut them off of access. This is generally not a big issue, as most crackers won't sit around silently, allowing you to retain your access. They'll dive in, get their information, cause whatever damage they want, and get out. But the process is still sound.

The second part has to do with how long it takes to crack a password. Remember that XKCD comic? They said it could take 550 years at 1000 guesses per second. But with advanced technology, crackers have significantly reduced that time to months or weeks - perhaps even less.

So if your systems password database is stolen, the encryption takes a while to crack, but not forever. If you change your password after the database is stolen, but before it is cracked, the cracker has just wasted a large amount of his/her time, and gotten nowhere. 

But with that huge 25-GPU machine you mentioned earlier, doesn't that make all this pointless?

Yes...and no. As I mentioned, passwords are often the only line of defense for your account - but they don't have to be. We can enable (on many, but not all, sites) 2-Factor Authentication. But that's a topic for the next post.

How To Ask For Help From Techies...

...and nearly any other group of experts on a particularly involved topic.

NOTE: I tried to do a TL;DR version, but with the commentary, it was almost as long as the original article. I STRONGLY suggest you read the entire article linked.

You see, as a computer technician, I get a LOT of questions about computers and how to fix them. Frequently, it's a quick "how do I..." question, asked in passing at work or by friends while I'm out and about. Generally speaking, I'm okay with quick "how do I..." questions, as long as it doesn't take more than a couple of minutes to answer.

But there are always (and frequently so) the users who constantly barrage technicians like myself with issues they have on their personal or work PCs. Unfortunately a LARGE MAJORITY of these issues are the type that just irritate the hell out of me and other technicians.

So today, I bring to you a link for downtime reading. It is long and a bit brash. It's written by a "hacker". No, not one of those malicious little punks who write viruses and break into your systems (those are more accurately called "crackers"). No, he's a hacker, meaning a high-level expert in a variety of systems and computers in general.

So in this article, now about two years old in its latest iteration, he talks to end users about how to ask smart questions to techies. How to elicit better responses (hint: 'better' responses are not always what you'd think), and how to make it more likely to get a response AT ALL.

So, without further ado, the link is here (beware, this is a long, but very useful read):

http://www.catb.org/esr/faqs/smart-questions.html
(Note: reposted here in accordance with author's policy)

I urge everybody to read that - it shows how to make it more likely to get answers from very technical people on websites, and to find your answers for FREE! But bear in mind that it's not all easy work. In fact, it puts a lot of the responsibility on you, the end user. In short, it shows user and technicians alike how to LEARN.

I very much agree with the author's point of view. It is, by and large, how I learned so much about computers. I didn't keep asking question after question after question. No, I did my own research and then asked when I honestly couldn't find the answer. I still hold to that, and even teach my sysadmins a few things that they don't know (because hey - nobody knows EVERYTHING about computers).

Keep in mind that the suggestions in the above article are not just about asking for free help; it’s also a valuable set of lessons for dealing with your company’s IT support, as well. While some of the items don’t translate to in-house IT, a lot of it does (especially the part about Googling for your answers).

It’s not about lazy IT technicians not wanting to do work; it’s about technicians who want you to learn. We want you to learn how to resolve your issues; that way, when you run across the problems you can’t resolve, we’re presented with the challenges that much US learn. That’s why there’s a joke that the #1 tool for IT techs and sysadmins is Google. Here’s a hint: that’s not a joke – it’s the actual truth. In fact, that’s very frequently how many of us learned enough to become professional techs.

Beginner Monday–More Terminology

So there’s a lot of users in the workforce that confuse terminology, and inadvertently say the wrong thing to their IT support. This post is about correcting some of those misperceptions. That way, when you talk with your Tech Support, you can say the right things (hopefully) and get them on the right path. Because if you say server, and you mean wi-fi, you can send your tech support down the wrong path (and thus take a lot longer to fix your issue).

1. Network – This is any setup that allows one computer to talk with another. Any method that allows two computers to interact is a network. There are a lot of types of network, but there are two categories that most users care about: wired (or LAN), and wireless (or WI-FI). More on these terms later.

2. Server – This refers to an actual machine type, called a server. It has a special operating system. There are three versions, Windows Server, Linux Server (which has several sub-versions, called distros), and Unix Server. Some applications are accessed on a server. Some network items are done from servers – such as your account and relevant password, anything done by Citrix, emails, websites, and much more.

3. LAN/Wired network – This is when you plug a network cable into your laptop/desktop/netbook. It uses a special type of cable, the most prolific of which is known as an “ethernet” cable, or RJ-45. It looks like a phone plug, but larger.

4. Wireless/Wi-fi – This is a huge up-and-coming technology. Like anything else in computers, there are several types. But for simplicity’s sake, we’ll leave it in general terms, and just call it “wireless”. There’s been some misconception about wireless – it only refers to networking, nothing else. For some reason, a lot of people think that it refers to wireless power (thus no need for a charging cable), which is absurd.

Wireless networking requires two items: a wireless router or wireless access point, and a wireless-capable device. The device is usually a tablet, cell phone or laptop. The “wireless” is only between these two items. Some confusion is people thinking the router didn’t need to be plugged into the wall. There still need to be power and network cables between the router/AP and the wall; just not between the router/AP and the laptop/device.

The general range of wireless is a couple of hundred feet if you’re really crazy lucky. House walls and lots of power lines and metal construction can interfere with signal. Most of the time is pushing it after 50 feet in real-world conditions.

5. Bluetooth – this is a type of wireless that requires a special mention here. It’s a type of radio signal (similar to your car radio), but with a very short range; about 35 feet. It has to be “paired” with devices, so the bluetooth-capable device has to have a passcode to connect. The most common use of bluetooth technology is between a cell phone and headphones. Though, it can be used between a computer and other devices: printers, speakers, docking stations, keyboards, mice, and even between a computer and a cell phone or another computer.

6. Internet – This is the network of all networks. It is a network of networks. Connecting to anything beyond your own building/house/structure is almost certainly going to the Internet before it gets to the destination. The Internet carries the signal from computer to websites or other buildings/cities/countries.

7. Intranet – This is an internal network, meaning it’s only accessible if you’re connected to the same network as the other device (the internet doesn’t count, as it’s not one network, it’s millions of networks). Some portions of a company’s network can only be asked if you’re on the same network; some websites, email, etc. If your intranet is not available, that doesn’t necessarily mean that your internet is down. The reverse is also the case; just because the internet is down, doesn’t mean your intranet is not working. If both are not working, then it’s a local network issue, or a problem with your PC not connecting.

10 things your IT guy wants you to know…

Original is posted here. Re-posted with permission from the author.

---

A great list of some things we all wished our users knew.

1. Don’t argue with me.

If you come to me to ask technical questions, please don’t argue when you don’t like my answer. If you think you know more about what you’re asking than I do, then why even ask? On that same note, if I am arguing with you, it’s because I’m certain that I am correct; otherwise I’d just tell you “I don’t know” or perhaps point you somewhere that you could look it up. We don’t argue just for the sake of arguing.

2. If you say you’re an idiot for doing something, I’ll likely agree.

When you start a conversation by insulting yourself (e.g. “I’m such an idiot”), you will not make me laugh or feel sorry for you; all you will succeed in doing is reminding me that yes, you are, indeed, an idiot, and that I’m going to hate having to talk to you. Trust me, you don’t want to start out this way.

3. Don’t lie about what you did, we’ll find out anyway.

We’re okay with you making mistakes; fixing them is part of our job. We are NOT, however, okay with you lying to us about a mistake that you made. It just makes it that much harder to resolve and thus makes our job more difficult. Be honest and we’ll get the problem fixed and both of us can continue on with our business. Lying to us and, therefore, costing us twice as much of our time will not win you any brownie points with IT.

4. IT might be awesome and powerful, but even we have limitations.

There is no magic “Fix it” button. Everything takes some amount of work to fix, and not everything is worth fixing or — gasp! — even possible to fix. If I tell you that you’re going to have to re-do a document that you accidentally deleted two months ago, please don’t get mad at ME. I’m not ignoring your problem and it’s not that I don’t like you, we just can’t always fix everything.

5. Don’t cry wolf.

Not everything you ask us to do is “urgent”. In fact, by marking things as “urgent” every time, you’ll almost certainly ensure that we treat none of it as a priority.

6. It’s pretty likely you don’t have the most important job.

You are not the only one who needs help, and you usually don’t have the most urgent issue. Give us some time to get to your problem; it will get fixed.

7. Like an elevator button, we won’t come to you faster if you keep pushing ours.

E-mailing us several times about the same issue is not only unnecessary, it’s highly annoying as well. We record issues in a database so that we don’t lose track of them (remember how we ask that you create a ticket? That’s why.) We will typically respond as soon as we have a useful update to make. If your problem is urgent, please do let us know (but see number five).

8. Email me, we’ve got 5 devices that tell us when we get a new email.  However, many of us still only have one that tells us when you left a voicemail.

Yes, we prefer e-mail over phone calls. It has nothing to do with being friendly or anti-social, it’s about efficiency. It is much faster and easier for us to list out a set of questions that we need answers to than it is for us to call and ask you them one by one. You can find the answers at your leisure and, while we’re waiting, we can work on other problems.

9. Don’t cry.

We may, at times, seem blunt and rude. It’s not that we mean to, we just don’t have the time to sugar coat things for you. We assume that we are both adults and can handle the reality of a problem. If you did something wrong, don’t be surprised when we tell you. We don’t care that it was a mistake because, honestly, it makes no difference to us. Please don’t take it personal, we just don’t want it to happen again.

10. We can do most, if not more than the things you think we can do, but we don’t because we don’t really care.

Finally, yes, I can read your e-mail, yes, I can see what web pages you look at while you’re at work, yes, I can access every file on your work computer, and yes, I can tell if you are chatting with people on instant messenger (and can read what you’re typing, as well). But no, we don’t do it. It’s highly unethical and, perhaps more importantly, you really aren’t that interesting. Unless I am instructed to specifically monitor or investigate your actions, I don’t do it. There really are much more interesting things on the Internet than you.

---

JR’s Commentary:

This was a good read, and is still relevant to today’s IT world. Yes, the above post is pompous and arrogant. But it’s also the product of YEARS of mistreatment by end users. Too many times we’re treated as servants or “lesser positions”. We are co-workers in most cases, and deserve to be treated thusly.

Now, if you’re a customer who’s paying money to have somebody fix your personal computer – then, by all means, stand your ground. But don’t be rude about it, and be sure they CAN fix it, and that it’s not your fault. It’s not just a joke that most computer issues are brought on by what we as users do to them, not because “it just stopped working right”.

I want to bring special light to #3. It is a VERY well known (and, unfortunately, deserved) case that “users always lie”. No, none of us are so naïve to believe that every single user will lie every single time. The problem is that users will frequently leave out important information (“The PC won’t work because I left my power cable at home three weeks ago”), or that they will lie outright to try to avoid looking stupid (“No, of course I didn’t do anything to it whatsoever. You guys in IT are the last ones that touched it six months ago”). The first issue is annoying, because it takes a LOT longer to find out what the real issue is. The second makes us mad, and makes everything else you tell us suspect – do you really expect us to believe that you didn’t work on your computer AT ALL for the last six weeks/months? No, you did something to your PC. Don’t try to tell us you did nothing.

If you tell the truth on how you screwed up, we actually won’t be mad at all! In fact, we’d feel refreshed at the change of pace, fix the issue, and move on to the next ticket; end of story. If you try to hold on to the lie, you wind up becoming somebody we despise, and you’re suddenly a story we tell on sites like Faildesk.net, Reddit, Clients From Hell, etc. Don’t be that guy/gal.

11 Reasons Your IT Guy Might Just Despise You

Originally posted here. Re-posted with permission from author.

---

Don’t get me wrong.  I like to help folks out – but its the users that don’t really think before they call us that get me.  Somewhat on the heels of “10 things your IT guy wants you to know,” I present to you some pet peeves I’ve experienced personally.

11. You get pissed off and hang up on IT because they asked you to “open a ticket” because they were already busy with something and didn’t want to forget what it was you called about.

10. You keep asking IT “when is the server going to be up,” but instead only delaying the server repair by doing this every 5 minutes because you have a report to get out.  You’re acting like a pop-up ad.  Stop it.

9. You ask IT to train everyone on how to use the calendaring system, but you don’t show up to training because you don’t know how to use the calendaring system; making you by far the worst offender.

8. You can’t find your battery for your laptop and blame IT because they “never gave you one.”

7. You keep submitting tickets to IT asking for “more coffee” or alerting them that “a customer threw up in the lobby.”

6. You submit tickets with information like “Computer not working” or “Internet is broken” with no additional details.  Thanks.

5. You complain about how your “monitor doesn’t look right” and how “IT always messes up your computer” after they came in and completely restored your system because you infected your computer with a virus…this occurring AFTER being explicitly told “NOT to open that attachment” in yesterday’s email.

4. You keep figuring out ways of removing administrative privileges from your computer because you “don’t trust anyone.”

3. You complain your “laptop NEVER works right” as you drop it on IT’s desk from a height of 2 feet, when in fact the wireless switch was turned off.  By you.

2. You call IT to “do you a favor” and figure out how to work your way around the web filter so you can shop for Victoria’s Secret merchandise during work hours.

1. You call IT for an emergency on Christmas because you can’t get your son’s iPod connected to your wireless network.

---

My commentary:

The above was written by somebody on Faildesk.net by an IT technician. While it is written quite angrily, and not very friendly to end users. However, end users need to take away a few things from this: you should work WITH your IT support, instead of trying to get them to work FOR you. We’re not servants, we’re co-workers. And just like most of you, we’re experts; just not experts in the same fields you are. With that in mind: I’m going to make a slightly-less-angry commentary on each of the above points.

#11 – We ask you to open a ticket for a couple of reasons. First and foremost, so we don’t forget what we’re working on. The idea that “we work on one thing until it’s done” is simply not possible in our field. Computer move fast, and break just as fast. The only way to tackle one problem at a time is to have one technician FOR EACH MACHINE – period. That means if there are 2,500 computers in your company, you would need an IT staff of 2,500 technicians. That’s just not going to happen.  Also, by having a ticketing system, we have an area we can document steps taken so far (to avoid duplicating steps we’d already tried). It also allows us to use your issue, and its resolutions, to solve future issues of the same type.

#10 – Trust me, we KNOW you need your problem solved. You don’t need to keep asking when it will be resolved. If you are asking the helpdesk or technician several times when it will be back up, they have to stop working and answer your call/visit/email, and respond. Sure, that might be two minutes, but if it’s a major system outage, you can be sure you’re not the only one asking. Take a few hundred of these calls, and that can effectively paralyze the resolution. The other alternative? Ignore the requests for updates, and that means there’s a few hundred users out there who complain that “IT is ignoring them”. Don’t be a part of the problem; Report the issue and let us do our job so you can eventually do yours.

#9 – This one’s a little far fetched, but does happen. It’s one of the main reasons I posted Monday’s post about researching your own answers. If we just give people the answers, they rarely learn the answer; they instead learn to rely on asking IT for how to use the computer.

#8 – For some strange reason, IT is blamed for all problems with electronics. I don’t get it. But trust me, we are very unappreciative when users blame us for losing items that were checked out to somebody else. All too often, a laptop will be checked out to a user, who claims they never received a batter/charger/case/mouse when we gave it to them. If that were true, the appropriate time to bring it up is RIGHT AWAY. Before you even walk away from picking it up. Not months later.

#7 – This is a particular annoyance to IT. We are not “The Help Desk”. We are “The IT Helpdesk”. Too many people think we “help” on all issues – period. We’re IT. We’re not electricians, remodelers, suppliers, accountants, HR reps, janitors, or anything else. We are IT professionals – we help with Information Technology concerns – PCs and related equipment. If you’re annoyed that you have to dial yet another phone number to get your issue resolved, you need to remember that it was your fault – YOU called the wrong number, not us. Generally, we’ll try to be helpful and let you know where you need to call, but don’t expect us to do it for you.

#6 – This was addressed with a huge amount of detail on last Monday’s post. In short, when you submit a ticket (either through a web portal, or through email), you need to keep subject concise, relevant, and helpful. They should provide a modicum of information actually relevant to your question, but not so detailed that you can’t get it all in the subject line (details are put in the message body). Also, please be sure that it gives us an idea of what the actual problem is. Subjects of “PC not working” (why isn’t it working? How isn’t it working?) will often get ignored, deleted, or deferred. A subject line of “PC will not power on – power is plugged in” is succinct, helpful, and starts with the fact that you did at least the most rudimentary troubleshooting (if you did more, put it in the message body). See last Monday’s post for way more helpful detail and suggestions.

#5 – This is actually a couple of points. Keep in mind that the idea of “IT always messes up your computer” is more likely the case that we didn’t restore it to exactly the same situation in which we received it. Keep in mind that if we did that, that means we restored it in exactly the same problem-ridden situation in which you gave it to us. We have to return it to a fairly generic state, without all your customizations and pretty desktop and desktop icons arranged in the specific way. We’ll keep what we can, but that’s not always possible.

#5a – The other issue here is when users do what we quite specifically told them NOT to do. I’ve had MANY times where I told a user to stop trying to log in (because her account was continuously being locked out), while I was doing something on the server. If we ask you to not do something, we really do mean it. If you do that action, then you either don’t respect our expertise enough to listen (why are you calling us, then?), or weren’t listening to what we were saying (why are you calling us, then?). If you don’t think what we said is right (we can get it wrong, too!), then either research the issue yourself (see last Monday’s post), or seek out another IT pro to help (like seeking a 2nd opinion from a doctor’s office).

#4 – If you are the type that can’t trust your internal IT support, then don’t try to lock them out. Simply don’t put your private information on your PC. If that means you are so distrustful that you can’t work on your computer at all – then quit your job. Really. That’s company computer hardware, not yours. This is one of the reasons IT departments don’t like giving local admin rights to users.

#3 – This is a case where people blame IT for everything (see #5, above), but people won’t take responsibility for their own actions. They throw their computers around (HUGE NO-NO!!), don’t check for solutions to resolve their own issues, and jump immediately to blaming IT. You must be ready to take responsibility for your own work, your own actions, and the equipment assigned to you.

#2 – Asking for IT to work around policies and safeguards is problematic, at best. You know how that notice says your have no right to privacy? Well, we in IT have even LESS privacy than you. So when we pull back that part of the firewall to let you visit a non-work related site, our bosses know who’s done it. And we risk our jobs to let you risk yours. So don’t ask us to do it. If you’re not sure if it’s against policy, then ask! We’re happy to let you know we can’t fulfill it (though, we won’t like telling you, for the same reason you won’t like to hear the answer). If you feel that the policy should be changed, yelling at IT isn’t the answer. Put a request in through management; it usually takes a very senior-level manager (Think, “C-level”) to change IT policies.

#1 – This is the fastest way to get on an IT pro’s bad side. Think to yourself, would you work for free? Would you come into work on your day off, for no pay, with no warning, and be happy about it? If you would do so, then you are a SUPER RARE PERSON that has an unrealistic view on life. Most doctors don’t like to be called on their home phone by patients asking about this sudden cough they have. Few mechanics will work on your car for free in their own garage. Accountants aren’t likely to work on your taxes at your house at 11:45pm on April 15th, for free.

#1, cont. – For some reason, IT is looked at like we should help everybody with their PC issues. Our society doesn’t look at other professions like this – why do we treat IT like it? We have bills to pay; we have rent to make; we have groceries to buy. We’re not able to pay that in favors. If we do all IT work for free, we have to find another income source, which takes time away from us to work on your issue anyway, and makes it less likely for us to keep up with the latest software/technology.