I’ve mostly held my tongue on the entire Edward Snowden issue. I believe the truth of the situation is very nuanced, and far too many are quick to label him either a hero or a traitor.
However, the latest wrinkle in the story gave me something to say:
Your should NEVER give out your password to an IT administrator (or anyone else, for that matter). Any systems admin who says they need it to perform any function is either lying or not properly trained to do their job.
A user’s password is supposed to uniquely identify them, as no other person should possess that knowledge. When a password is shared, it breaks authentication. In some cases this doesn’t cause major security issues, for example, your buddy letting you use his Netflix account (Though security isn’t so much a problem here, the content providers will not be happy about it).
However, if you are an employee of a government or corporation, and you have access to sensitive material…
DO NOT GIVE THAT LOGIN TO ANYBODY.
The failure here is in user training. Since the employees who gave out their information have been relieved of their positions, I can only assume they did receive training and signed some sort of user agreement indicating that they understood their responsibilities in regards to data security. Clearly though, the training was not effective.
Hopefully this will act as a learning experience to improve user training in the future.