Employer asking for GitHub password. How to handle this?


As other people already clearly expressed, it's a big no.

Then you have two choices:

  • A: you just realized (if it was not the case) how bad the security hygiene of the company is (or they know they shouldn't but still ask, which is even worse), and you have to deal with it (work around or find another work)
  • B: if you believe there's hope, you can transform this in a opportunity to educate the team and make them understand why accounts (Github or anything else) should never be shared. Even pure professional accounts. This is not just a privacy issue. Sharing credentials is also a good avenue to be unable to identify the origin of a leak, to now be able to control who has access to what.... in short, it might be a big cause of trouble for the business.

Sharing passwords usually comes with other bad hygiene: sharing ssh keys, sharing certificates, sharing API tokens with privilege rights, ....

If you manage to make them understand that making sure any employee is responsible, has his own credentials and never share them with anyone is a very good way to avoid big problems later.

In short, it's a big red burning flag with loud air horns and huge flashing lights. But at least you might try to get something positive (for you, or at least for them, it's good karma!)

Reply to this…

(28 answers) Take me to the question