
Ask HN: What's your work computer exit strategy? - dailen
Friend of mine was recently let go from our place of employment and that got me thinking. Should I have an exit strategy for leaving my work computer?<p>I don&#x27;t mean like destroying, taking, or anything of illegal nature but I mean removing secure things like access to my password manager, browser profile, etc.<p>Granted a lot of this should be 100% secured 100% of the time but after 4 years I get tired of entering some passwords over and over and over.<p>So leads me to wonder if this should be some sort of emergency switch like an IFTTT trigger or something that triggers the deletion of certain things on certain devices should I trigger the emergency switch.<p>Thoughts?
======
PhantomGremlin
Here's the most important thing to remember:

    
    
       DO NOT USE YOUR WORK EMAIL
       FOR PERSONAL COMMUNICATION
    

You will lose access to that email on the day you are "let go".

edit: same thing for a work phone number.

~~~
GFischer
Also, if you want to keep in touch with people, make sure they have some way
to contact you - not that much of an issue in the social networks age, but in
places I've worked at, workers leaving would email most everyone with their
contact info.

------
Someone1234
> So leads me to wonder if this should be some sort of emergency switch like
> an IFTTT trigger or something that triggers the deletion of certain things
> on certain devices should I trigger the emergency switch.

Wouldn't take much for that to be misunderstood and for you to get a nice
friendly visit from the cops. YOU might know that it only deleted "your"
stuff. But your employer might not.

I agree with everyone else in this thread: Stop leaving stuff on work
computers. Period. You use a password manager, log it out every single day.
You want access to files? Install e.g. DropBox but log in every single day,
etc (or use your phone as a USB storage device).

~~~
dailen
> Wouldn't take much for that to be misunderstood and for you to get a nice
> friendly visit from the cops.

That's a very good point, I hadn't considered if there's a suspicion of what
was done and what for (since I was only considering personal privacy)

Okay so what about a personal device like a laptop or desktop you own?

~~~
dailen
Actually I believe that question almost needs it's own thread

------
fencepost
Well-designed cloud services will have a way for you to "de-authenticate"
devices. For some of these you may need to be on a real computer not just a
phone/tablet.

For some of the synced cloud storage options you may be better off moving all
of the files out of that provider's control from another computer so that the
removal will have time to propagate back to the PC in question - not all of
them offer remote wipe capabilities.

In LastPass, go into your vault in a browser, then Settings. There are areas
for both Mobile Devices and Trusted Computers, from which you can
disable/delete each entry.

In Dropbox, go into your Account settings, then Security and you can see and
manage a list of all devices and applications you've linked with your account.
Note that you can ONLY do remote wipe of your Dropbox files if you have
Dropbox Pro or Business, but you could presumably sign up for just 1 month of
Pro.

If you're using 1Password, the Dropbox cleanup should take care of that since
it stores passwords in a folder structure under your Dropbox account.

Google has something similar, particularly if you're using 2-factor
authentication. I'm not sure about remote wipe.

Box.com has something similar, go into your account settings and look for the
Security tab at the top, but there doesn't seem to be any remote wipe
capability.

For bookmarks, I didn't see anything along these lines in the XMarks
documentation or my control panel, but I've submitted a ticket to ask them
about it.

That's just a starting point, details will obviously depend on what specific
services you use.

------
a3n
Minimize things you can't bear to lose or reveal, both electronic, and
physical things in your drawers etc. As for physical, I can walk out the door
with a small plastic grocery bag (which I actually keep in my desk), and if I
couldn't have what I'd put in the bag I wouldn't think twice about it.

I have a few pictures I've uploaded from my camera. They can have them. Same
for a few O'Reilly ebooks.

I have a few Firefox bookmarks, and browsing history. They can have them.

I have the LastPass plugin installed, but I don't have it set to stay logged
in. I'm always logged out of LastPass, and if I need to get to a site with a
LastPass password, I log in, do the thing, and log out.

The only hole that I've pondered is that I'm always logged in to pinboard. I
suppose the solution there is to change my pinboard password the evening after
being let go, if I remember to do it.

------
kogir
You should operate under the assumption you could lose your computer at any
point, for a variety of reasons. It's far more likely you'll drop it, spill
something, lose it, or have it stolen.

I keep everything important elsewhere. Code is in source control.
Documentation is alongside code or on the wiki. Personal email and work email
are in separate Google Apps accounts. There's nothing I care about residing
solely on my laptop.

For security against theft, I use FileVault.

If work wanted me out right now, I'd turn off my computer and walk away.
Without my password they can't decrypt anything on the drive, everything the
company cares about is elsewhere, as is everything I care about.

Ignore this advice at your peril. I know countless friends who have _freaked_
when their laptops were stolen in SF. I just get a replacement and set
everything back up.

------
nobleach
Your company may differ, but many have a policy that states ANYTHING you do on
a company owned machine is considered open for scrutiny. Some places have a
semblance of privacy - meaning they're not going to read your Gmail or mess
with your Facebook profile. Upon termination, you surrender any right you have
to the data on your machine. So to echo the sentiment of others. Don't use
your work machine for private data. This can be difficult, as it's easy to
take your laptop on vacation to "do a little work"... and then wind up wanting
to check your facebook. For that, I'd suggest logging out when you're done.
Don't allow Chrome to remember passwords.

------
sriram_sun
Happened to me a few days back. I quit, but was asked to leave pronto.

1\. I've been using a password manager I purchased. That was the first thing I
uninstalled.

2\. Unlink DropBox. Delete the DropBox folder.

3\. 4-years is a pretty long time. If I ended up using my work laptop for
personal stuff (for instance a friend asks me to review their resume, scanned
docs, pictures, rental applications etc.), I create a folder called personal
that I can delete. Usually this would be under my DropBox folder anyway.

If I get walked out (i.e. I don't have access to my computer), I wouldn't know
what to do. Ideally you would expect IT to wipe the hard disk and re-image the
whole disk. I'm not sure it happens as often as it should.

------
joeclark77
I use LastPass as my password manager. You can set it so that you need to
enter your (one) password when you turn on the browser. Tell your sites not to
remember your login -- the LastPass browser plugin will remember it for you.
That way if you're no longer employed, no one without the LastPass password
can get into your personal e-mail. You could, of course, have the browser
remember logins for work sites, as there's nothing secret there.

I would also suggest separating your cloud storage. If you have a private
Dropbox account, for example, use one of the other services (e.g. OneDrive)
for storing work documents. There should be as little mixing as possible.

------
robinduckett
Nothing on my work laptop is sacred, work stuff is kept in the cloud or
bitbucket/github, personal stuff is on dropbox. I would lose how I've set my
dev environment up, but that's about it. I'd just wipe/reinstall.

~~~
Spoom
This is the best answer. Keep personal stuff on your personal system. Don't do
anything personal on a work-owned system (or if you do, do it in incognito-
mode or something).

Most times, if you're let go, they won't give you the opportunity to wipe your
system anyway, they'll just lock you out.

Plus, you know, you don't want to be accused of destroying company property.

------
codeonfire
Why would you use your work computer for anything but work? I treat it like
someone else's property. You can also assume your employer is keylogging and
watching your network traffic.

------
HelloNurse
A bootable USB pendrive with a live Linux distribution is perfectly suitable
for nuking hard drives as fast and conveniently as possible and making sure
nobody "inherits" your viruses and badly installed software.

Removing data should actually consist of reloading the last backup on your
next computer, at worst launching your regular backup scripts one last time;
if you need to improvise an ad-hoc exodus on short notice forgetting something
is unavoidable.

------
esw
Honestly, I don't install or save anything on work computers that isn't
related to work.

