It is only too easy to get passwords. During one project where I was sub-contracted to a large company, I took my laptop home each weekend and it would not reconnect on Monday; call the Help Desk. After the third time, I asked the techie for the login and password so I could reconnect without 'bothering him'. Done!
Next was the need to load some utilities on the Team PCs; Support had no time so I offered to do it. Administrator access to ALL PCs in the company as I was given a generic login/PW.
Next I needed some network routing changed - you guessed it - I was now a Network Admin.
All this simply by asking and in a Company that was otherwise paranoid about security - passes, secure doors (which people would let me through btw), firewalls on each floor of the building etc. etc.
Education of staff as to the risks involved in 'being nice' to someone is critical to any security system. As shown above, the best security system devised is only as good as the staff who follow it; or not.









































