As I've said many times, never give out your password to anyone. We've heard about the phishing scams out there. They will tell you to go to the "company" website and fill out your info including password or respond to an email asking for your password. The best defense against that is to type in the URL yourself in the browser for that company and go from there. That way, you know you're going to the correct site. It's good to read the URL carefully. Something that looks like http://[domain name].com/youtube.com/ does NOT go to YouTube, but a fake site.
Administrators of password-protected sites can change your password for you. They have access to your account. They don't need your password or your security question answers sent them in email. What do you think they do when they reset your password if you've forgotten it? Depending on the software used, the password will either show up or it won't on the administrator's screen, with the ability to change it or disable/delete the account.
An email asking you to send back your username, password, security question answers, and other things is a definite phish. If the email says your account will be closed or there is legal action, most likely it is fake. Check with your ISP to confirm. So are the emails for lotteries, jackpots, and any kind of winnings programs. Federal law forbids collection of "fees" to receive your winnings. Read this from the NAD;
Scam Alert – Protect Yourself