The act of changing her password while signed on using her identity constitutes identity theft, plain and simple.
- JP
To my mind, the term "identity theft" implies that one is doing something which could only be legitimately done by the person whose identity is stolen. If an action could legitimately be done by someone else, it is not identity theft.
If someone steals my house keys and then illegitimately enters my house, for example, that's not identity theft. I could authorize anyone to enter my house, and even change the locks. Someone who enters my house with a stolen key may be falsely convincing the lock that they have my permission to enter, but that's not the same thing as pretending to be me.
On the other hand, if someone applies for a credit card in my name, such a person would be falsely pretending to be me. Such a person couldn't merely be pretending to have my permission, since I couldn't legitimately grant such permission even if I wanted to. The only way the credit card company would accept the application would be if they believed that the application was signed by me personally.
Given the frequency with which people exchange computer account passwords for various reasons, the fact that a particular account is logged in does not imply that the holder of the account was at the keyboard. Indeed, given that people often have their computers configured to retrieve mail automatically, there often would in fact be nobody at the keyboard when a an email login is received.
I think the crook in this case should have a piano dropped on his head, but I really don't think "identity theft" is the right charge.