Cite Contribution
Community Manager
Ryan
India's 1st Strategic Strengths Coach, Corporate
Kanika Kapoor
Soft And Behavioural Skills Trainer
+1 Other

Our IT Admin person is asking everyone in our company to share their official company email passwords. The IT Admin person already has access to the main admin account of the email management system and can anytime change the password of anyone. Many people in our team are concerned as if there is a list of passwords are leaked, anyone can access anyone's account and send emails. This could put the person whose email account was used in trouble (IT Act, etc - what if someone sends dirty pictures or threats). The IT Admin person has not even asked to submit passwords via an official document; he has just asked it verbally and the main HR person is also pressuring the employees to give the passwords.
Can anyone explain the implications and legality of this? Are there any other alternate solutions?
This is a concern since it is not likely to be within the guidelines of the IT security policy.
You can ask them to send a notice by email to everybody to provide this. Do this through your manager. Maybe it could be escalated to senior levels.
Secondly - do not use official email for any form of personal discussion with anyone. If you have done so already, please delete it immediately.
Hope this helps.
Regards
Dear Anon,
I echo Ryan and request you to explain why would the IT Department need the passwords ? Which password is they asking for? Is it the login password to the laptop/desktop or to the mailbox ?
They anyhow have an access to each and every interaction within their network, including intranet and mail boxes.
Asking for the password separately rather looks like an initiative to forewarn employees on their interactions.
Please try and understand why the system have been set . Sharing password is against the Code of Conduct to every firm.
Looking forward to hear from you!
This is not normal accepted policy. As per IT security policy, password sharing is not allowed. IT should be able to reset the password, whenever they required. This should be logged with reasons as well as you will be aware when password is changed.
If password is to be shared for any reason, it should be well documented and notified to stakeholder to avoid any dispute later on.
You should also confirm incase your Email account is misused, how responsibilities will be fixed. (Rare chance but still a Grey Area).
Thats actually against the Code of Conduct.
Ppl can misuse the profiles...
IT employees anyways have the accesses to all accounts and may create or delete the profiles. Also like you already said it is asked verbally so please do not take any action.
In case if someone really pressurize you please share a wrong password ;)
Hope it helps!!
The IT Admin person of your company is taking you all on ride, if he/she has the admin access he/she can change the password of any user of his/her choice and can access the user's mail. I smell something fishy kindly check the IT Security Policy of yours if there is any flaw
Add Reply Start A New Discussion

Cite.Co - is a repository of information created by your industry peers and experienced seniors. Register Here and help by adding your inputs to this topic/query page.
Prime Sponsor: TALENTEDGE - Certification Courses for career growth from top institutes like IIM / XLRI direct to device (online digital learning)





About Us Advertise Contact Us
Privacy Policy Disclaimer Terms Of Service



All rights reserved @ 2019 Cite.Co™