Click here to Skip to main content
15,608,053 members

Survey Results

Have you ever been asked to include a backdoor in your software?

Survey period: 7 Mar 2022 to 14 Mar 2022

Maybe it's to avoid having to ask for the keys, or a system that's just hard to debug, or maybe there are...other reasons. We don't want details, just an idea for everyone to understand how common this is.
OptionVotes% 
Yes, with no explanation as to why121.64
Yes, to help with tech support669.02
Yes, to help with locked out accounts375.05
Yes, to help with debugging527.10
Yes, for nefarious business reasons (we don't want details)172.32
Yes, for nefarious political reasons (we really don't want details)91.23
Yes, for other reasons172.32
No - I've never been asked to add a backdoor to my code53873.50
I've not been asked, but I've placed one for my own reasons719.70
Respondents were allowed to choose more than one answer; totals may not add up to 100%



 
GeneralFederal agency spying Pin
  Forogar  7-Mar-22 4:36
professional  Forogar  7-Mar-22 4:36 
GeneralOther reasons Pin
lucanor7-Mar-22 2:03
lucanor7-Mar-22 2:03 
GeneralBackdoor to Code vs. Backdoor in your software?? Pin
Slacker0076-Mar-22 23:28
professionalSlacker0076-Mar-22 23:28 
GeneralIn most products I had to insert some master password Pin
den2k886-Mar-22 21:44
professionalden2k886-Mar-22 21:44 
GeneralRe: In most products I had to insert some master password Pin
KarstenK7-Mar-22 3:56
mveKarstenK7-Mar-22 3:56 
GeneralRe: In most products I had to insert some master password Pin
den2k887-Mar-22 4:09
professionalden2k887-Mar-22 4:09 
GeneralRe: In most products I had to insert some master password Pin
KarstenK7-Mar-22 22:04
mveKarstenK7-Mar-22 22:04 
GeneralYes, and always for support Pin
Sander Rossel6-Mar-22 20:09
professionalSander Rossel6-Mar-22 20:09 
I've worked on a few systems that had a button that let's you take over a user account.
These were always business accounts, and I could always find the same data in the database, but I was still told to never ever ever let the customer know we had these impersonation buttons Roll eyes | :rolleyes:
It was mostly so that if a user got an error we could impersonate their account and do the exact same action they did to hopefully see the same error.
In these cases the software already had this when I joined the team.

One time I've been asked not to encrypt passwords so we could easily retrieve passwords and log in as users (asked to me by an IT-consultant and ex-programmer, go figure).
This was for a service and we got a lot of complaints about missing data (ultimately, the problem was never the service, but users using wrong date filters or the business not supplying the data).
I flat out refused that one, there are far better ways for me to check whether a user should get data.
They ended up letting IT give out passwords to users and I later found out they stored these passwords in an Excel file and all passwords were "00000001", "00000002", "00000003", etc. OMG | :OMG: WTF | :WTF:
Finally, I generated a password and added a reset password button.
They now screenshot the entire screen, including username and (one-time visible) password directly to users Sigh | :sigh:
I can't seem to win this one, but at least when the database gets hacked/leaked/stolen they won't find any passwords Big Grin | :-D

GeneralNo, but... Pin
PIEBALDconsult6-Mar-22 18:34
professionalPIEBALDconsult6-Mar-22 18:34 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.