TIFU by not knowing IT brand names and getting locked out of work for an hour

Submitted by takatori t3_zrasv9 in tifu

Sitting at my desk when I get a bit peckish at lunchtime, I lock my PC and head down to the shop for a tea and sammie.

Get back, sit down, log in, start browsing news while munching my ham & cheese.

Maybe a minute into it, I get an alert on my corporate mobile:

“Login detected at the Palo Alto Access Point. Was this you? 【Yes | No】”

I was surprised, because although I’ve worked in Palo Alto while I was in the US, this was years ago.

So of course, I answer “No,” and go back to browsing news and lunch.

Only, the next news story I click on doesn’t load. Nor the next one, or the next one. Google won’t even load. So I assume there’s a network outage, and figure I may as well get some work done.

But, nothing is working: I can’t load email, the company chat system stops working, my file access no longer works.

So I call Helpdesk. Sit on the phone for an hour, only for them to tell me my accounts has been disabled.

They ask if I’d had any login trouble, and I said “no, but I did get a warning that someone tried to access my account from the United States. I think I’m being hacked.”

“How do you know?”

“The message said someone tried to login in California.”

“How do you know there was a hacker in California?”

“Because I received a warning that someone tried to log into my account in Palo Alto.”

“That was you.”

“No, I’m not in Palo Alto.”

“Yes, your account is in Palo Alto.”

“I’m not in Palo Alto, so someone must be hacking my account.”

“Everyone is in Palo Alto. That was you.”

“No, I’m not in Palo Alto. I’m not even in California. I’m not even in the US. It’s not me.”

“Sir, everyone is in Palo Alto.”

“I’m not.”

“You are.”

“I know where I am, and it’s nowhere near Palo Alto, California.”

There was a pause.

“You mean Palo Alto?”

“Yes, that’s where it said the access was from.”

“No, Sir, ‘Palo Alto’ is the brand of our security device. It’s not in California, it’s down the hallway. We recently turned on logon confirmation two-factor authentication. It was asking if you logged in to the security system, not a place. I’ve unlocked your account, please log in again, and answer ‘Yes, it’s me.’”

TL;DR: I used to work in Palo Alto, California but am now overseas, so honestly answered “No” when an IT system asked if I logged in in Palo Alto, not knowing in IT parlance “Palo Alto” is a security system, not a place.

37

Comments

You must log in or register to comment.

leigh094 t1_j12oogo wrote

That feels like an IT problem. Like maybe not the best brand name choice and/or should have given more of a heads up

40

Xenox_Arkor t1_j12x5d3 wrote

Yeah. Having a warning message asking if you logged in from "system name that is also an actual location" is wildly unhelpful.

19

aussie_nub t1_j13marh wrote

I mean it's a brand name... the same way Cisco comes from San Fran.

The problem is not the brand name, but the idiot on the service desk that didn't explain that Palo Alto is the brand name of their networking equipment and that wifi point they were connected to is in fact in the office.

9

_my_cell_account_ t1_j1aak93 wrote

Definitely an IT problem. Prompt message should have been clearer, communication should have been sent prior to 2FA activation, and helpdesk should have been coached for when people are locked out.

Source: I'm head of IT at my work.

2

[deleted] t1_j12kxk7 wrote

Did tou try turning it off then on again?

11

takatori OP t1_j12kzxy wrote

I actually did try a reboot before calling Helpdesk, because they always ask to try that …

7

Humble_Hedgehog_93 t1_j15fz8e wrote

That sounds like a very confusing name to have for devices. Did they at least send out an email prior to this to explain the changes?

5

Outrager t1_j15qf8s wrote

I feel like I would've done the same thing and had the same exact conversation.

2