Our IT Admin person is asking everyone in our company to share their official company email passwords. The IT Admin person already has access to the main admin account of the email management system and can anytime change the password of anyone. Many people in our team are concerned as if there is a list of passwords are leaked, anyone can access anyone's account and send emails. This could put the person whose email account was used in trouble (IT Act, etc - what if someone sends dirty pictures or threats). The IT Admin person has not even asked to submit passwords via an official document; he has just asked it verbally and the main HR person is also pressuring the employees to give the passwords.
Can anyone explain the implications and legality of this? Are there any other alternate solutions?

From India, Mumbai

Foundation, advanced and integrative courses in the area of marketing for executives →
Promoted: Program in Marketing & Sales Management from IIM Kozhikode (Explore Course)

This is a concern since it is not likely to be within the guidelines of the IT security policy.
You can ask them to send a notice by email to everybody to provide this. Do this through your manager. Maybe it could be escalated to senior levels.
Secondly - do not use official email for any form of personal discussion with anyone. If you have done so already, please delete it immediately.
Hope this helps.

From India, Mumbai
Dear Anon,
I echo Ryan and request you to explain why would the IT Department need the passwords ? Which password is they asking for? Is it the login password to the laptop/desktop or to the mailbox ?
They anyhow have an access to each and every interaction within their network, including intranet and mail boxes.
Asking for the password separately rather looks like an initiative to forewarn employees on their interactions.
Please try and understand why the system have been set . Sharing password is against the Code of Conduct to every firm.
Looking forward to hear from you!

From India, Mumbai
This is not normal accepted policy. As per IT security policy, password sharing is not allowed. IT should be able to reset the password, whenever they required. This should be logged with reasons as well as you will be aware when password is changed.
If password is to be shared for any reason, it should be well documented and notified to stakeholder to avoid any dispute later on.
You should also confirm incase your Email account is misused, how responsibilities will be fixed. (Rare chance but still a Grey Area).

From India, Delhi
Thats actually against the Code of Conduct.
Ppl can misuse the profiles...
IT employees anyways have the accesses to all accounts and may create or delete the profiles. Also like you already said it is asked verbally so please do not take any action.
In case if someone really pressurize you please share a wrong password ;)
Hope it helps!!

From India, Delhi
The IT Admin person of your company is taking you all on ride, if he/she has the admin access he/she can change the password of any user of his/her choice and can access the user's mail. I smell something fishy kindly check the IT Security Policy of yours if there is any flaw
From India, Ahmadabad

If you are knowledgeable about any fact, resource or experience related to this topic - please add your views using the reply box below. For articles and copyrighted material please only cite the original source link. Each contribution will make this page a resource useful for everyone.

Please Login To Add Reply →

About Us Advertise Contact Us Testimonials
Privacy Policy Disclaimer Terms Of Service

All rights reserved @ 2021 CiteHRô

All Material Copyright And Trademarks Posted Held By Respective Owners.
Panel Selection For Threads Are Automated - Members Notified Via CiteMailer Server