These managers who love their password lists also like to keep them up to date. The easiest way to ensure this is to prevent, or at least discourage, users from changing passwords.
Since password changes are infrequent, the default temporary passwords usually remain as the permanent passwords, leading to multiple users having the same password. Most network administrators will use a standard nomenclature when creating usernames. Together, shared default passwords and predictable usernames make it all too easy to guess login information, and to be right.
Lastly, when an organizational policy exists to record everyone’s password, it becomes impossible to provide non-repudiation. In a secure environment, when only each user knows his or her password, a user cannot repudiate a login log by stating he or she did not log in. There is a clear record of who logged in, and that he or she was successfully authenticated by a password that only he or she should know. And, since the user can change his or her password, it is the user’s responsibility to keep the password from becoming compromised.
Bottom line: Require each user to manage their passwords, taking care to prevent password sharing—even among managers. Remember, administrators can always change passwords. There are better methods to ensure access to data stored by individual users.