The allegations in the Times are a little different they are insinuating that the login and password belonged to Rob Newman who is a current employee of City. I think you are correct about the IT system though. Presumably a well run IT system would spot the same credentials being used in different locations at the same time.
I’ve seen far too many examples of people “lending their log in” or “sharing” an account, to disbelieve that. However, you are assuming that tech support looked up from playing Doom, long enough to spot the problem.
FFS Nadine Dorries - a member of the government - admitted that she shared her Westminster network passwords with temporary staff, including access to her email. She never got sacked though, because she was admitting this in mitigation for a colleague who was caught watching porn on his government laptop, either using the Westminster network, or claiming for his internet via expenses.