Not very secure if IT has a key now is it ;\)

I would not think a password change would matter, however I've seen it happen on two different machines/users so it could be a fluke, but if the data is that important you shouldn't mess with something a bit flaky (but up to whomever chooses to use it). I use PGP for stuff I want to be reasonably secure, though I'm not sure that's where he wants to go with this. I think he just wants a hook into the MS Authentication that's easy which would be nice but I don't know of any easy way without coding it.