Last year I bought an ASUS laptop for my wife – an ASUS Vivobook S400CA which isn’t too badly specc’d with a small SSD drive and touchscreen. All seemed OK, apart from a somewhat dodgy spacebar that had to be pressed rather hard. We lived with that for a while, but got fed up so decided to log a fault on it.
I first started with calling the place of purchase – JB Hifi, who said I had to go to the manufacturer (I don’t *believe* they can legally say this under Australian Consumer Law, but that’s an aside issue) so I contacted Asus. I gave them all the necessary details, and was told I’d be contacted by the local Asus Repair Centre. A few hours later they called me, and said instead of posting it in, I could drop it off – fine by me as it was just down the road.
Upon arriving at the Asus Repair Centre, I am given more paperwork to fill out. It’s become obvious that this isn’t actually Asus, but a company that does work on their behalf. Again, no issue here as long as someone’s fixing the laptop. One of the fields on the paperwork asks for a ‘Password’. I query the person at the counter on this, asking why they need such a detail, especially since this is a faulty spacebar… and even if they really need to test it, the login screen will let them try.
The response was that because they did work on behalf of Asus, they had to test everything and give it a tick of approval, otherwise people will bring back their items with other faults and Asus has to keep paying this company each time that occurs. I can understand where they’re coming from, but they don’t need to log into my personal installation of Windows to do this surely? They said it was a necessity and they couldn’t accept the laptop without it.
I immediately logged in, created a temporary account with as little access as I could, and gave them the details. There wasn’t anything personal on this laptop that I knew of, but it’s still a worrying state.
I’m sure many of you will read this and just shake your heads, but here’s some reasons as to why this is bad practise:
- Giving them access to the laptop means they can easily go through it’s contents. Unless you’re computer savvy, you’re going to have little idea what access they actually have by handing over a login.
- These laptops run Windows 8 – Microsoft promotes the use of a Microsoft account for login. This login doesn’t just give local access to the laptop, but any service connected to the Microsoft account – Xbox, Hotmail/Outlook.com, Skype, SkyDrive – scary stuff.
- Someone logging a warranty claim should be told that this is a requirement before you turn up and get asked for credentials.
- When is it ever a good idea to write down your password on a piece of paper and hand it to a stranger?
I’m not sure if this is Asus’s own process, or just a process this particular 3rd party uses – but either way, this is something they should reconsider their policies and method. My recommendation would be for them to boot off a USB or CD to run diagnostics on the hardware, simple.
Note: I sent a tweet to Asus’s Australian twitter account @ASUSAU for comment but did not hear back. If I do hear anything, this article will be updated.