Your password is yours, nobody else should have it. Not your co-workers, not your manager, not your CEO, and definitely not your IT guy.
The most common comment I’ve heard is: “but they may need access to my computer or my work while I’m away”. Most corporate computers will be connected to a Domain, meaning a new authorised user can login without much trouble. That takes care of the company needing to use your computer temporarily for another user. But what about data saved directly to your computer? First off, naughty, you should be saving your work to your server, be it a local server or cloud server. Secondly, when your IT team goes through the correct procedures and controls in place for your company, they will most likely be able to access that data and make it available to the wider team (normally by moving it to a server). Maybe your company has a policy that won’t allow for your IT team to retrieve data saved on your user directory of your computer, in this case do you really think it’s wise to subvert that policy by handing out your password?
My point is your IT team have other methods open to them to access your computer and files, policies and controls are put in place to protect your privacy and the companies data security. If they are asking for it, they are probably taking an unnecessary shortcut, or are covering up for a mis-configured device. It could also be someone posing as your IT team. There are more than enough valid reasons to not share your password to outweigh any conceivable reason for sharing it with anyone.
Someone with your username and password can likely access other services that also use those credentials. A person you trust now, may not be someone you can trust later, but do they know your current password when that happens, will you even know when that switch from friend to potential foe occurs? Let’s hope you have MFA enabled.
If someone else has your password, go and change it now.
Does your company have a culture of sharing passwords? Comment below, I’m keen to hear your take on why you think it’s a good or bad policy for your teams.
