Our IT admin person is asking everyone in our company to share their official company email passwords. The IT admin person already has access to the main admin account of the email management system and can change the password of anyone at any time. Many people on our team are concerned because if a list of passwords is leaked, anyone can access anyone's account and send emails. This could put the person whose email account was used in trouble (IT Act, etc. - what if someone sends dirty pictures or threats). The IT admin person has not even asked to submit passwords via an official document; he has just asked for it verbally, and the main HR person is also pressuring the employees to give their passwords.
Can anyone explain the implications and legality of this? Are there any other alternate solutions?
From India, Mumbai
Acknowledge(0)
Amend(0)
Can anyone explain the implications and legality of this? Are there any other alternate solutions?
From India, Mumbai
Acknowledge(0)Amend(0)
This is a concern since it is not likely to be within the guidelines of the IT security policy. You can ask them to send a notice by email to everybody to provide this. Do this through your manager. Maybe it could be escalated to senior levels.
Secondly, do not use official email for any form of personal discussion with anyone. If you have done so already, please delete it immediately.
Hope this helps.
Regards
From India, Mumbai
Acknowledge(0)Amend(0)
96Secondly, do not use official email for any form of personal discussion with anyone. If you have done so already, please delete it immediately.
Hope this helps.
Regards
From India, Mumbai
Acknowledge(0)Amend(0)
Dear Anon,
I echo Ryan and request you to explain why the IT Department would need the passwords. Which password are they asking for? Is it the login password to the laptop/desktop or to the mailbox?
They have access to every interaction within their network, including the intranet and mailboxes. Asking for the password separately seems like an initiative to alert employees about their interactions. Please try to understand why the system has been set up. Sharing passwords is against the Code of Conduct of every firm.
Looking forward to hearing from you!
From India, Mumbai
Acknowledge(0)Amend(0)
I echo Ryan and request you to explain why the IT Department would need the passwords. Which password are they asking for? Is it the login password to the laptop/desktop or to the mailbox?
They have access to every interaction within their network, including the intranet and mailboxes. Asking for the password separately seems like an initiative to alert employees about their interactions. Please try to understand why the system has been set up. Sharing passwords is against the Code of Conduct of every firm.
Looking forward to hearing from you!
From India, Mumbai
Acknowledge(0)Amend(0)
This is not a normal accepted policy. As per the IT security policy, password sharing is not allowed. IT should be able to reset the password whenever they require. This should be logged with reasons, and you will be aware when the password is changed.
If the password is to be shared for any reason, it should be well-documented and notified to stakeholders to avoid any disputes later on.
You should also confirm in case your email account is misused, how responsibilities will be fixed. (Rare chance but still a grey area).
From India, Delhi
Acknowledge(0)Amend(0)
If the password is to be shared for any reason, it should be well-documented and notified to stakeholders to avoid any disputes later on.
You should also confirm in case your email account is misused, how responsibilities will be fixed. (Rare chance but still a grey area).
From India, Delhi
Acknowledge(0)Amend(0)
That's actually against the Code of Conduct.
People can misuse the profiles. IT employees have access to all accounts and may create or delete profiles. As you already mentioned, it is requested verbally, so please do not take any action. If someone pressures you, please share a wrong password ;) Hope it helps!!
From India, Delhi
Acknowledge(0)Amend(0)
People can misuse the profiles. IT employees have access to all accounts and may create or delete profiles. As you already mentioned, it is requested verbally, so please do not take any action. If someone pressures you, please share a wrong password ;) Hope it helps!!
From India, Delhi
Acknowledge(0)Amend(0)
The IT admin person of your company is taking you all for a ride. If he/she has admin access, they can change the password of any user of their choice, and access the user's mail. I smell something fishy. Kindly check your IT Security Policy for any flaws.
From India, Ahmadabad
Acknowledge(0)Amend(0)
From India, Ahmadabad
Acknowledge(0)Amend(0)Engage with peers to discuss and resolve work and business challenges collaboratively - share and document your knowledge. Our AI-powered platform, features real-time fact-checking, peer reviews, and an extensive historical knowledge base. - Join & Be Part Of Our Community.
Job Description - HR & Admin.doc
Conf_RevMeeting _CPFC_20570_MOM 10% refund on admin charges incentive.pdf
Admin-HR AUDIT.zip