Many organizations, especially ones working in the tech and digital field, require constant back-and-forth communication, online file sharing and access to various accounts. Working in a collaborative environment often requires shared accounts, which means employees must find an easy way to share passwords without putting the company at risk of a cyberattack.
A Slack message or email to a coworker may be the quickest way to send passwords, but it can put your entire company at risk from cyberattackers. Keep reading to learn more about some of the most dangerous ways to send and store passwords and the most secure way to share them with your employees.
The Best Way to Share Passwords Safely
The safest way to store and share your passwords is through a password manager on a password-protected device. One in five Americans uses a password manager, equating to an estimated 45 million people, according to the Password Manager and Vault 2021 Annual Report. Roughly two-thirds of those who don’t use password managers admit that they would consider using one in the future.
Password managers often offer multiple layers of encryption, making it virtually impossible for cyberattackers to find what they want. With Keeper’s zero-knowledge encryption, if attackers were to somehow hack Keeper (which is extremely unlikely due to our robust security architecture), they would only get access to useless ciphertext.
Password management tools also offer secure sharing features that make it easy to give employees shared access without exposing the username and password details. Many password managers also offer Multi-Factor Authentication (2FA/MFA) that can be enforced at the role level. We encourage you to enable 2FA/MFA on every platform that supports it to strengthen your own and your team’s security posture.
Risky Ways to Send and Store Passwords
Password sharing is common among Internet users inside and outside the workplace. In fact, a survey by The Zebra, NBC News and Pew Research Center found that 79% of consumers admitted to sharing passwords with someone outside their homes.
Organizations not using a password manager may be participating in unsafe password storage and sharing tactics, which can lead to financial losses and increase the risk of a cyberattack. Based on survey results in our 2022 US Cybersecurity Census Report, the average cost of a cyberattack was over $75,000.
Apple Notes, Google documents, Microsoft Word documents and other online notes applications may be an easy way for you to jot down information, but these tools were not created for storing and sharing private login credentials.
According to our Workplace Password Malpractice Report 2021:
- 49% of respondents admitted to saving work-related passwords in a cloud document.
- 51% of respondents say that they currently save passwords in a document on their computer.
- 55% of respondents save work-related passwords on their mobile phones.
Although some documents can be password-protected, many document software platforms do not offer encryption, two-step verification or any additional security measures. An unauthorized user who manages to get hold of your device can easily copy the document and send it to themselves, giving them access to all the information in the file.
Emails are one of the most popular forms of communication in the workplace. They are usually sent in plain text and without encryption. If your email inbox is ever compromised, the unauthorized party gains full access to any passwords you have ever sent through email.
Unsafe passwords sent via email often pass through several systems and servers. There will also be a copy in your sent folder. Even if you have deleted previous emails, they may live in other folders and files on your account. Some email platforms store data locally on a drive. If your equipment — such as laptops, computers or phones — is ever stolen, your unique passwords are at risk.
Similar to email services, text messages have no security. Your text message is readable to anyone who may intercept it. Again, if your mobile device is not password-protected and lands in the wrong hands, the unauthorized user gains access to all your previous private conversations. The same is true if the recipient’s device is ever compromised.
WhatsApp, Slack and Microsoft Teams are popular tools for accessible communication between coworkers for quick project updates and casual conversations. Although many of these cloud services are encrypted, people often leave them open and running in the background. If you are ever working in a public setting and casually leave your device unattended, anyone nearby can access your password in seconds.
In June 2021, a group of cybercriminals used Slack to trick an employee into helping them break into EA Games. The group managed to purchase stolen cookies that provided them with login credentials to gain access to an EA Slack channel. Then they messaged IT support members saying they lost their phone at a party.
EA released two statements confirming that the incident occurred and that the company was taking steps to prevent this from happening again.
Writing passwords in a notebook or on a sticky note may prevent online cybercriminals from accessing your credentials. However, they can still be stolen from an individual user in the offline world.
Writing down credentials and sharing them around the office can also be dangerous if you or your colleague loses the physical document. Not only does the information go missing, but it may also fall into the hands of someone with malicious intent.
Although a face-to-face conversation with a coworker eliminates any paper trail, there are risks to speaking credentials out loud.
Verbally sharing credentials may be a “safer” alternative to emailing or texting, but it is still a risky option. It can be hard to share strong passwords since the password must be easy enough to be memorized by the recipient. If you share passwords over the phone, you also risk being recorded.
How Keeper Helps with Password Sharing and Storage
Keeper Security makes it easy for organizations to store and share passwords and records across teams. Our zero-knowledge platform enables easy-to-manage, secure password sharing and encrypted storage across your organization.
Make sure your team is participating in secure password sharing by taking advantage of our free 14-day trial.