Company Cell phone; Personal Password?

We purchased new Samsung S7 cell phones for all the techs! We’d been waiting for this model, and were anxious to upgrade our S4 phones. Everyone moved their Contact list with no issues, installed Slack, our Syscon F.I.T. System app, setup their email, and we were off and running.

Then we wanted to swap my phone (I dropped my S4 and broke the screen) for one of the S7 phones that are not assigned to anyone right now. No problem; we’ll set it back to factory defaults and transfer my stuff to the new phone. Wait! We can’t get into the phone to make any changes; how can that be?

After a few long calls with our cell phone provider, I finally went to the local store. I explained that it was a company phone, on our company account. I explained that we had purchased the phones on that same account and all I wanted to do was move what was on my broken phone, including my phone number, to the phone we bought. No problem, all they need is the password to the Gmail account that was used when it was first setup. Mmmm…

So we went back to that person and asked for the password, but they couldn’t remember it. We tried a few password suggestions but could not get into the Gmail account that was originally used. I explained this to the provider and they said this was a new security feature. They cannot get into the phone, and neither can we, without the password.

Just to clarify, because I wasn’t sure I had jumped to the right conclusion, even though this is a business account and the business bought the phones, they and I cannot use the phone ever, unless we have the Gmail account password; I can’t swap numbers, re-assign the phone, nothing. Yes, he confirmed, I had made the right conclusion.

I have to say, I couldn’t believe my ears. The security feature they’re referring to is so that if the phone is lost or stolen, whoever ‘finds’ it cannot just clear it out and start using it. It also turns out that the recent iPhone models have a similar feature, tying the phone to a specific email account.

Of course, we didn’t need this security feature because we use a Mobile Device Management (MDM) agent for our cell phones. Also, when we distributed these phones, we were not aware of this new feature, so no thought was given to the implications of the Gmail account setup.

Fool me once, that’s on you. Fool me twice, that’s on me!

So we have a new policy for our company cell phones:
– We will provide a generic Gmail account and password to whoever will be using the phone, for the setup.
– The Gmail account and password will be kept in their personnel file.
– Should their employment end, we’ll need confirmed access, not only to the cell phone (which we already check for), but to the Gmail account, too, before distributing the last check.

What about the phones already in use? We’re going back to our staff and asking for the password associated with the Gmail account on their cell phone or, if it is a personal account, that they change the Gmail account on the phone using the account and password we provide. Either way, the details will be in their employee file.

Considering how much money we spend on cell phones, not to mention monthly usage fees, finding out that a new feature by the vendor renders the device useless without specific information is very frustrating.

Share this with whoever in your office tracks the company cell phones and find out where you are with this. Check out our next article on the pros and cons of Bring Your Own Device (BYOD) in our June 2017 Newsletter! – CMW