Were you my client, my first question would be “how do you know?” Because under normal conditions, there is no need to know an employee password.

But no matter how you were to answer my question, the answer is to assign a Password Policy to the computer. Heck, while you are at it, assign a Password Policy to all company computers.

A Password Policy can be applied to Chrome OS, macOS and Windows computers. The process is a bit involved to give a detailed description here on Quora, but an internet search will provide you with the step-by-step.

With a Password Policy, you can specify a minimum number of characters, minimum complexity (upper case, lower case, numbers, and special characters), password lifespan, and prohibit the reuse of previous passwords.

Or, you could be the brightest one in the room and read one of my Practical Paranoia Security Essentials books, which do provide the illustrated step-by-step instructions.

You may also consider including a password policy compliance statement in your employee handbook. This way, the employee is provided very clear notice that the intent of the policy is to help ensure the security of proprietary company data as well as the privacy of the employee… And that a violation of the policy can lead ultimately to termination.

There are a few other items you may want to look at:

  • Verify if the employee’s password has been compromised on the web. This is as easy as visiting https://haveibeenpwned.com, then entering the employee email address. Anywhere the password has been compromised, the employee must then change the password, as well as every other site where that same password is in use.
  • I’d be tempted to have your IT person work with your employee to view all stored passwords. This will give you a good idea of what sites are using the same passwords, and then where to change the passwords.