writes "I work at an institution employing about 10,000 people. Recently our IT security team have begun proposing that all system administrators and tech support help would need to be fingerprinted before being allowed to change user passwords on systems that they tend. Have any of you heard of such a requirement before? I cannot fathom how this would actually make the users' data safer but this is also the same team that tried to make all IT folks sign a document accepting full personal liability in the event of a data breach and to agree to compensate the institution for any loss resulting from a data breach on the IT person's watch. Are these guys coming from another planet or has IT become that CYA in recent years?"