
Ask HN: What is your workplace policy on divulging account passwords to IT? - firstandforest
This is an 'asking for a friend' situation, with the friend in question being pressured by their company's IT department to divulge their password (so as to facilitate updates more easily). This person is relatively high up in the company, and handles IP that is both valuable and sensitive.

My advice to them was that in the absence of a company-wide directive that absolved them of any and all repercussions from the sharing of their password they shouldn't give it up.

However, I wondered how other companies (big and small) handled this. What's your experience?
======
byoung2
IT should have a system of roles and permissions that allows administrators to
log in as another user if necessary to install updates or reset passwords. This
access should be logged and ideally periodically audited by a 3rd party.
Sharing a password is dangerous because it is impossible to determine who used
the password to perform a malicious act.

~~~
firstandforest
Thanks, much appreciated.

