—–Original Message—–
From: Tommy Thomas
Sent: Tuesday, January 7, 2014 2:53 PM
To: ‘dan.mclane@coeurgroup.com’
Subject: FW: FW: Mayor Kent Guinn ISSUE=11186 PROJ=12

Here’s one where OPD sent the mayors new password for us to change it to and everything else related to him in an email. I deleted that part out when I responded back to him so the original request is not in this email obviously.

Thank-you,
Tommy Thomas MCP, Network+, Security+, C|EH, MCSA, MCSE Network Systems Administrator City of Ocala IT Division
110 SE Watula Ave.
Ocala, FL 34471
352.401.3928

—–Original Message—–
From: TOM JENKINS [mailto:tjenkins@ocalapd.org]
Sent: Friday, June 08, 2012 10:21 AM
To: Tommy Thomas
Cc: Jeannett Benson; Kent Guinn; Shawn Hoff; DENNIS YONCE; GGraham; LCyprian; RFord; ROBERT MAYWEATHER; RSmith; GINNY HANSEN; WARREN SCHLICK
Subject: Re: FW: Mayor Kent Guinn ISSUE=11186 PROJ=12

Thanks Tommy.

Appreciate the quick response.

On a related note, if this happens again, if you don’t mind, we’ll request that the Mayor contract you directly the next time he needs his City Eden password changed.

Hopefully, this should minimize the potential security breach.

Thanks again.

–Tom

>>> Tommy Thomas <TThomas@Ocalafl.org> 06/08/2012 10:02 AM >>>
Tom,

I have reset Kent Guinn’s active directory password on our network to the one you requested. Please know the requested password does NOT meet our password requirements, as well as it was included in the original request via an un-secured plain-text email that plainly associates his name, and job title, with the password; as well as references the application he has access to, which houses a lot of sensitive information. Not to mention, more than 10 people now know his password since it was requested via email to our support department. We do not wish to know anybody’s password as that is a serious breach of security.

In light of recent news stories and the upswing in hacking against local and state government entities, I strongly recommend that the Mayor use a different password for each of our domains, and one that can’t be hacked within a few minutes, or even guessed. I also recommend that the passwords not be sent through email.

Each user has the ability to change their own passwords so only they know the password. If he needs assistance changing the one on our domain, we would gladly help him next time he’s at his City Hall office. I can only recommend that he use different passwords, and urgently.

Thank-you,
Tommy Thomas MCP, Network+, Security+, C|EH, MCSA, MCSE Network Systems Administrator City of Ocala IT Division
151 SE Osceola Ave.
Ocala, FL 34471
352.401.3928

ORIGINAL EMAIL REQUEST WAS DELETED THAT HAD PASSWORDS