I'm in the Uk, and have a question re asking users for their passwords. Basically, I have been told to ask users for their passwords when needing to work in their accounts. I have heard that this may be against the law according to the Data Protection Act, however the act does allow for you to change a users password to gain access to their account. Obviously, I see this as a security risk as people shouldn't tell anyone their password, however I have been told to do this as it is considered standard practice in my company.
Can anyone confirm or deny this as I don't want to end up in court for doing my job.