Re: phone and computer passwords
(All of the following is my speculation)
Alan was in a management position at a professional services firm and likely dealt routinely with business sensitive and confidential information. Cyber security precautions have been increased over the past year with the pandemic moving many into a mobile or work-from-home situation. IMO, I would be astonished if KPMG did not have an enterprise data security system in place for email (mobile and computer access) and any other data or documentation access for work.
Here’s an overview of several enterprise off-the-shelf solutions focused on email (I do not know what KPMG uses, but, in my strong opinion, they use something, and perhaps a proprietary system):
The Top 11 Email Security Gateways | Expert Insights
My organization uses an enterprise data protection service that requires multi-factor authentication and a combination of PINs and passwords that individually must meet security requirements and have to be updated every 30-90 days. Work from stations and laptops are dedicated - they are not for personal use and you can only use verified encrypted mobile data sources with them. We use VPNs with separate access requirements. I have dedicated phone apps that require separate authentication to use if I need to access a work spreadsheet or document via a mobile device (which fortunately, is rare for me).
My organization requires that my iPhone login be a minimum of 9 digits updated every 30 days (and no reusing previous passcodes — it’s fun!).
IIRC, Alan worked in cloud computing solutions in healthcare, where cyber security precautions are likely stringent. We’ve all heard media reports of increased ransomware attacks involving hospital systems, and even a non-ransomware cyber intrusion involving healthcare-related data could involve costs running into the millions and even billions of dollars. I would have been more surprised (IMO) if his husband had access to his phone or workstation (and, although not the primary concern when Alan went missing, it would be considered a security breach if Rusty were able to access a device used for work purposes).
Most individuals in my organization can still make individual phone purchases and will receive individual phone bills that are provided by carriers, so Rusty may (IMO) have been trying to access online billing information for Alan’s phone, which, in my situation, would still show the timing for calls / texts received (no content info) and some location information. My partner has password information for that since we have a shared account. It sounds as though Rusty and Alan did not have a shared account — and that may be more a reflection of the cybersecurity precautions that would be mandated for Alan.
In my organization, dedicated work devices that do not involve individual billing are generally provided only for international travel and for those working directly in cyber security. Most enterprise systems will allow settings to be customized by the organization for individual users — so I, for instance, can maintain personal social media apps on my phone and post online at Websleuths in accordance with company policy. Others who routinely handle more sensitive information are not allowed to do so. I can use Bluetooth on my phone. Others cannot. I don’t know what KPMG’s policy is.
I thought it would be useful to provide some perspective from someone who works for a national organization that does work in the cyber security sphere (though that’s not my focus).
We all bring different experiences to the discussion. Mine is that I know many (seemingly) happily married couples who do not share mobile accounts or devices — or access to accounts and devices — due to the profession of one or both partners.