Seeing tweets quoting this particular tweet, it seems there is much more to be done to educate users that anything done in a computer account in your name is your responsibility.
My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !!
— Nadine Dorries (@NadineDorries) December 2, 2017
In the corporate enviroments that I have been a part of, prohibition of password sharing is part of their Computer Systems Acceptable Usage Policy. All accounts should be able to be traced back to the humans attached to them at any point in time. There is also usually a clause that says it is possible to have disciplinary action against you if you are found to have willingly shared credentials, because it is a security risk to teh organisation.
Reading the thread of replies to the tweet, Nadine keeps on digging a hole... Nadine is an MP, so should be even more cautious about credential sharing. With the actual credentials, those that it was shared with can read the entire email account if they wanted to, including anything marked highly confidential.
If any organisation is using a serious email system (i.e. not POP3 junk included with a domain name or website CPanel setup) then there are things called Shared Mailboxes. Each user has their own username, and is assigned access to the Shared Mailbox. The account cannot be logged in to directly. You can even set Send As permissions, if you want to 'hide the actual sender behind the mailbox name', but this still logs that Joe Bloggs sent an email using Jane Bloggs mailbox.
This is only a short little rant about this subject, as it is something that affects anyone working in IT in any size of organisation.
For another set of views on this subject, see 2 articles from Troy Hunt below.
The Trouble with Politicians Sharing Passwords
Security Sense: Password Policy Prevents Credential Sharing
