A friend of mine recently left their job and was asked to hand over the password that they had used to access company email, etc. As a sometimes security consultant, I advised against it.
I'll also be advising against applying for a job in Bozeman, Montana, where the city requires job applicants to divulge the passwords they use to log in to Facebook, Google, Yahoo, YouTube, MySpace, etc.
Sharing your password is a bad idea for a number of reasons.
- Many people use the same password for multiple sites (don't do that!), so revealing the password to one site might also reveal a password to a bank web site.
- A password to an email account will allow someone to use the password reset feature of other sites. Sure, banks typically require other information to reset a password. What are the odds that the Bozeman employment application doesn't also ask for some or all of that information?
- Picking good passwords is hard. Many people use a strategy to pick passwords and the more passwords you have for that person, the easier it is to guess the strategy and possibly guess other passwords.