Absolutely, sharing username and password should not happen in an organization. It could lead to many problems later. In terms of password policy in the organization, from my experience, I have implemented an “active directory”, the software from Microsoft to enforce users to behave in accordance with the organization’s policy. So, with this way, I can control, monitor, and enforce them based on the security policy.
Thanks for sharing,
Pongthep