No employee should ever ask for a password. The way is see it is that it's not a matter of corruption, or people eavesdropping on the connection (what a targeted attack that would be, targeting a specific, short, rarely occurring chat session). The point is that if your employees never require a password, you can put in big letters OUR EMPLOYEES WILL NEVER ASK FOR YOUR PASSWORD, and attackers imitating your employees are SOL, because they can't ask for the password without it being obvious that they're not real employees.
Surely you can just give relevant employees admin powers so they don't need the password.
If you don't trust them enough for that, it's relatively simple to set up a proof that the person has the right password without actually transferring the password itself, so that the employee can't change things about the account without express customer permission.
Not having a 'no asking for passwords' policy is just as bad. Most companies with online an online presence will tell you in their form emails that an employee will never ask you for the password. This one not only doesn't, but obviously regularly asks for a password.
My employer asked me for my password once, for some site. I forget why - someone needed superadmin access, and this was the fastest way to give it to them.
I gave in, and promptly changed my passwords across all sites (this was back when I just had the Three Passwords) - and changed all of my work-related passwords to something stupidly simple, fighting off the urge to change them all to "fuckyou" and "shitslapbananamonkey".
Surely you can just give relevant employees admin powers so they don't need the password.
If you don't trust them enough for that, it's relatively simple to set up a proof that the person has the right password without actually transferring the password itself, so that the employee can't change things about the account without express customer permission.