I mean kind of depends. I got a soft layoff so worked 6 months more and got 3 months pay for the transfer to India.
I think best practices for highly secure environments is at the time of notice you lock the account and give that person 2 weeks off.
Most normal company’s it’s cool work till your last day, do your exit interview and we lock your account on Friday afternoon or Monday
Also you never want to change someone’s password on termination. What if their login is running some business critical tasks? Not best practices but I can tell you it happens a lot especially for reporting. If you lock the account you can always just reenable it and work to fix the issue
Last year, I tried my admin creds at my old job and it still worked. I was afraid of retaliation so I sent them a message from a throwaway email about changing their passwords.
Legally, it would have been better to send the mail from your personal account.
Otherwise there’s a possibility that something happens to get fucked up right around the time you logged in, they pull the logs and find your access.
Bam, motive and opportunity, and no way to provide an alibi.
That might be slightly illegal.
That person might be slightly doomed.
Companies need to remember to change the login password BEFORE firing people with login passwords.
I mean kind of depends. I got a soft layoff so worked 6 months more and got 3 months pay for the transfer to India.
I think best practices for highly secure environments is at the time of notice you lock the account and give that person 2 weeks off.
Most normal company’s it’s cool work till your last day, do your exit interview and we lock your account on Friday afternoon or Monday
Also you never want to change someone’s password on termination. What if their login is running some business critical tasks? Not best practices but I can tell you it happens a lot especially for reporting. If you lock the account you can always just reenable it and work to fix the issue
Last year, I tried my admin creds at my old job and it still worked. I was afraid of retaliation so I sent them a message from a throwaway email about changing their passwords.
Legally, it would have been better to send the mail from your personal account.
Otherwise there’s a possibility that something happens to get fucked up right around the time you logged in, they pull the logs and find your access.
Bam, motive and opportunity, and no way to provide an alibi.