When clients force me to use their "secure" portals, I make it a point to carefully collect each single account name and password in an email, which I then send to EVERYONE on the project. I like to think it makes some overzealous IT admin somewhere spontaneously combust.
@fesshole it does. Because now they have a security incident with the accompanying ton of paperwork to do.