This article is a brief overview of one potential scenario around protecting your passwords, in an office environment. At the end of the document there is a link to an article where an ex employee caused a business and the business clients much grief after loosing their job.

For any type of business whether it’s large or small, if you are logging onto a shared system or application to work on company files with a personal logon, then it is important to keep you password secure.  You should never share your password or hand it over to another employee, have it written and stuck around your desk, because you never know who or what is around the corner. Things may be going well between you and your colleges, and you may be friends outside of work, but things may change if for some reason they are terminated from the business and are unhappy about loosing their job.

This is where your problems begin, if that employee is angry about their employment being terminated and want to get back at the employer, “NOT YOU”, your details are just an ABILITY to cause trouble, and they have access to do what ever damage they can. For the sake of this document changing your password did not cross your mind as you did not expect any retribution form your friend involving your details.  For the sake of this document – and an example has been added at the end of this document you access your work system through an internet based application or webpage page.  The ex employee can logon as “YOU” and delete, change or steal information for competitors. As far as the system is concerned you are logged in and have done this and you are responsible for any actions taken by this account, this then becomes YOUR problem and are responsible for any loss or damage or legal ramifications of the actions.

This is a very simple view of a possible scenario but gives an overview of the potential risk involved in sharing password – or not protecting them. With the expertise or ability to investigate the source of the actions as discussed in the article below you have no defence, your account your actions.

Laid-off employee uses co-worker's password to disable car ignitions remotely
http://blogs.techrepublic.com.com/itdojo/?p=1592&tag=nl.e101