[WBrad]

I get what you're saying here but:

>In the abstract sense, it is wrong to invade privacy.

You have no real expectation of privacy when using company owned equipment. This was almost certainly spelled out to the employee in question in the acceptable use policy he agreed to upon being hired. Companies have to operate this way so they can investigate computers if compelled to by court or law, and so they can recover important information off computers when the user exits the company.

If he was using a BYOD computer I'd have a different opinion on the matter.

[Quekid5]

The definition of acceptable use (and expectations of privacy) differs a lot between different countries. For example, in the EU, I believe that any personal email received on a work account is actually considered "beyond reach" of your employer.

I don't know, but I imagine that such considerations could easily extend to your password.

Btw, how did the sysop know that what he recovered was the actual password? I mean, it's unlikely, but at least theoretically possible that it was a false positive. The password hashes in those days were pretty weak... Just a thought; I don't think it realistically was a false positive.

[WBrad]

That is true, there are stronger privacy protections in the EU in general. I don't consider the actions here morally justifiable, just legally.

As far as it being the actual password, a false positive AND the fact he had been creeping on a coworker at the same time seems extraordinarily unlikely to me.

[Quekid5]

Agreed about the false positive, btw. It was just a hypothetical, but court cases ("beyond reasonable doubt") have a very high standard of proof.

[yaseer]

You make a compelling point. The key is 'acceptable use'.

Acceptable use is cracking passwords in an investigation with just cause.

Acceptable use is a script to automate the checking of weak passwords, and notify users.

Unacceptable use is an admin browsing cracked passwords, without just cause.

I personally think acting on the information obtained afterwards is acceptable, but some would disagree.

Remember even in some courts, evidence obtained by police illegally cannot be submitted for trial.

I maintain these moral problems are hard ones.