Concerns About Sharing Email Passwords
Our IT admin person is asking everyone in our company to share their official company email passwords. The IT admin person already has access to the main admin account of the email management system and can change the password of anyone at any time. Many people on our team are concerned because if a list of passwords is leaked, anyone can access anyone's account and send emails. This could put the person whose email account was used in trouble (IT Act, etc. - what if someone sends inappropriate pictures or threats).
The IT admin person has not even asked to submit passwords via an official document; he has just asked for it verbally, and the main HR person is also pressuring the employees to give their passwords.
Request for Legal and Alternative Solutions
Can anyone explain the implications and legality of this? Are there any other alternate solutions?
From India, Mumbai
Acknowledge(0)
Amend(0)
Our IT admin person is asking everyone in our company to share their official company email passwords. The IT admin person already has access to the main admin account of the email management system and can change the password of anyone at any time. Many people on our team are concerned because if a list of passwords is leaked, anyone can access anyone's account and send emails. This could put the person whose email account was used in trouble (IT Act, etc. - what if someone sends inappropriate pictures or threats).
The IT admin person has not even asked to submit passwords via an official document; he has just asked for it verbally, and the main HR person is also pressuring the employees to give their passwords.
Request for Legal and Alternative Solutions
Can anyone explain the implications and legality of this? Are there any other alternate solutions?
From India, Mumbai
Acknowledge(0)Amend(0)
Concern About IT Security Policy
This is a concern since it is not likely to be within the guidelines of the IT security policy. You can ask them to send a notice by email to everybody to provide this. Do this through your manager. Maybe it could be escalated to senior levels.
Secondly, do not use official email for any form of personal discussion with anyone. If you have done so already, please delete it immediately.
Hope this helps.
Regards,
From India, Mumbai
Acknowledge(2)
Amend(0)
90This is a concern since it is not likely to be within the guidelines of the IT security policy. You can ask them to send a notice by email to everybody to provide this. Do this through your manager. Maybe it could be escalated to senior levels.
Secondly, do not use official email for any form of personal discussion with anyone. If you have done so already, please delete it immediately.
Hope this helps.
Regards,
From India, Mumbai
Acknowledge(2)Amend(0)
Dear Anon, I echo Ryan and request you to explain why the IT Department would need the passwords. Which password are they asking for? Is it the login password to the laptop/desktop or to the mailbox?
They have access to every interaction within their network, including the intranet and mailboxes. Asking for the password separately seems like an initiative to alert employees about their interactions. Please try to understand why the system has been set up. Sharing passwords is against the Code of Conduct of every firm.
Looking forward to hearing from you!
From India, Mumbai
Acknowledge(1)Amend(0)
They have access to every interaction within their network, including the intranet and mailboxes. Asking for the password separately seems like an initiative to alert employees about their interactions. Please try to understand why the system has been set up. Sharing passwords is against the Code of Conduct of every firm.
Looking forward to hearing from you!
From India, Mumbai
Acknowledge(1)Amend(0)
Password Sharing Policy and Security Concerns
This is not a normally accepted policy. As per the IT security policy, password sharing is not allowed. IT should be able to reset the password whenever they require. This should be logged with reasons, and you will be aware when the password is changed.
If the password is to be shared for any reason, it should be well-documented and notified to stakeholders to avoid any disputes later on.
You should also confirm how responsibilities will be fixed in case your email account is misused. (This is a rare chance but still a grey area).
From India, Delhi
Acknowledge(0)Amend(0)
This is not a normally accepted policy. As per the IT security policy, password sharing is not allowed. IT should be able to reset the password whenever they require. This should be logged with reasons, and you will be aware when the password is changed.
If the password is to be shared for any reason, it should be well-documented and notified to stakeholders to avoid any disputes later on.
You should also confirm how responsibilities will be fixed in case your email account is misused. (This is a rare chance but still a grey area).
From India, Delhi
Acknowledge(0)Amend(0)
Code of Conduct Concerns
That's actually against the Code of Conduct. People can misuse the profiles. IT employees have access to all accounts and may create or delete profiles. As you already mentioned, it is requested verbally, so please do not take any action. If someone pressures you, please share a wrong password Hope it helps!!
From India, Delhi
Acknowledge(0)Amend(0)
That's actually against the Code of Conduct. People can misuse the profiles. IT employees have access to all accounts and may create or delete profiles. As you already mentioned, it is requested verbally, so please do not take any action. If someone pressures you, please share a wrong password Hope it helps!!
From India, Delhi
Acknowledge(0)Amend(0)
Concerns About IT Admin Access and Security Policy
The IT admin person in your company might be taking advantage of their position. If they have admin access, they can change the password of any user at will and access the user's email. This situation seems suspicious. Please review your IT Security Policy for any potential vulnerabilities.
From India, Ahmadabad
Acknowledge(0)Amend(0)
The IT admin person in your company might be taking advantage of their position. If they have admin access, they can change the password of any user at will and access the user's email. This situation seems suspicious. Please review your IT Security Policy for any potential vulnerabilities.
From India, Ahmadabad
Acknowledge(0)Amend(0)CiteHR is an AI-augmented HR knowledge and collaboration platform, enabling HR professionals to solve real-world challenges, validate decisions, and stay ahead through collective intelligence and machine-enhanced guidance. Join Our Platform.
Employee reference policy.doc
Security Policy.zip