To make a long story short, cracking any Password of an account you do not own is illegal!
The only exception from the rule, if either the owner of the account or his manager asks you to do it. - You should always insist in a written proof or order to do that. At the end this might be very useful.
Also please be aware that some country have special data protection laws and works council usually don't "like" what you are doing. (Specially Germany)
So please be sure to have a legal permission of which accounts to audit and where/how to store the clear text data. I personally use a truecrypt container and used to work on a machine that is completely isolated from any network.