There are several risks associated with storing your passwords in Google Sheets, including its lack of end-to-end encryption by default and lack of secure sharing capabilities.
Updated on February 13, 2024.
The best and most secure way to share passwords with team members is with a dedicated password manager. Sharing passwords is practically unavoidable in a work environment, so it’s crucial to practice secure password sharing to prevent cybercriminals from getting a hold of company login information and accessing sensitive data.
Continue reading to learn more about sharing passwords safely in the workplace.
The Risks of Insecurely Sharing Passwords With Team Members
Some of the risks of sharing passwords insecurely, such as through emails, messaging apps, shared spreadsheets, documents and physical notes, include the following.
Account compromise
When passwords are shared insecurely through unencrypted means, they can be intercepted through Man-in-the-Middle (MITM) attacks. Anyone who can intercept the passwords you’re sharing can use them to compromise the account the password is for. When an account is compromised, the unauthorized individual can then steal sensitive information stored in the account and even lock authorized users out of the account completely.
Data breach
A data breach happens when an unauthorized individual gains access to a system or account and steals sensitive information without the knowledge or consent of the individual or organization it belongs to. According to IBM’s Cost of a Data Breach Report 2023, the two most prevalent attack vectors that caused data breaches were phishing and stolen or compromised credentials. One way in which credentials can be compromised or stolen is by individuals sharing them through insecure means like email.
How a Password Manager Enables Secure Password Sharing
A password manager is a tool that enables users to create, manage, securely store and share login credentials, files and more. Some password managers also allow users to manage and share their passkeys. Password managers are designed to store users’ sensitive data so they don’t have to worry about it being compromised due to passwords being weak, reused or shared through insecure methods. The best password managers are built with zero-trust and zero-knowledge encryption to ensure that stored or shared data remains secure at all times.
- Zero Trust: Zero trust is a security framework guided by three principles: assume breach, verify explicitly and ensure least-privilege access. Instead of trusting every user on a network, zero trust doesn’t trust anyone and assumes that every user or device can be potentially compromised. When a user is given access to a network, zero trust states that users should only have the necessary privileges to perform their jobs, nothing more and nothing less.
- Zero-Knowledge Encryption: Zero-knowledge encryption is one of the safest ways to secure sensitive data. When a password manager is zero knowledge, only authorized users can decrypt the data stored in it. When passwords are shared through a zero-knowledge encrypted password manager, third parties who intercept the traffic cannot read them.
Password Sharing Best Practices in the Workplace
Sharing passwords in a work environment is necessary for collaborative teams or when working with remote employees and freelancers. Here are three password best practices organizations should implement to ensure team members share passwords securely with one another.
1. Invest in a business password manager
Business password managers offer a secure way to share passwords and sensitive information between teams and employees. Some password manager services let administrators share records with team members without revealing the login credentials to them. The credentials are automatically stored in the users’ password vaults and autofill each time a user visits a website or application for which they have stored credentials. Shared records have permission options you can customize, such as “can edit,” “can view only” and “can view & edit,” giving admins full control over shared data.
For organizations that employ freelancers and subcontractors, some password managers like Keeper® offer features that enable you to share passwords and other stored data on a time-limited basis without requiring them to have a password manager account themselves.
2. Enforce strong password hygiene
Practicing password hygiene in the workplace strengthens password security and makes it harder for cybercriminals to breach your company’s sensitive data. With a business password manager, enforcing strong password hygiene is easy since IT admins are given full visibility and control over employee passwords.
Some good password practices to enforce within your organization include the following.
- Never reuse passwords across accounts: Every shared account should have its own unique password. Just one reused password, if compromised, places multiple online accounts at risk of credential stuffing attacks.
- Enable MFA on all accounts that support it: Multi-Factor Authentication (MFA) is a security measure that requires one or more verification factors in addition to a username and password. Even a strong, unique password can become compromised, but with MFA in place, cybercriminals won’t be able to gain access to the account without the additional factor(s).
- Use a password generator: Individuals often create passwords that are short and use dictionary words so they’re easier for them to remember. A password generator creates strong passwords that are difficult for cybercriminals to crack.
3. Reset passwords when employees leave
Keeper’s Workplace Password Malpractice Report found that 32% of U.S. employees have accessed an online account belonging to a previous employer. This indicates that many organizations do not disable accounts or change shared passwords once an employee leaves the company.
If your organization participates in password sharing, it’s crucial to have a proper offboarding process in place to prevent any sensitive information from spreading outside the company once a professional relationship ends. Having a proper offboarding process ensures that the account is only accessible to authorized users within the company, and no one else.
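One way to turn the offboarding step into a repeatable check, as an added example that is not from the article or from any password manager's API: given an export of shared records and a list of departed users, it reports which shares to revoke and which passwords to reset. The record fields, names and dates are constructed, and it assumes a departed user's own vault access ended on their last working day.

```python
from datetime import date

# Constructed sample export of shared records (hypothetical field names).
# "shared_with" = users who can open the record today;
# "formerly_shared_with" = users who had it shared with them in the past.
RECORDS = [
    {"name": "social-media-admin", "shared_with": {"alice", "bob", "carol"},
     "formerly_shared_with": set(), "last_rotated": date(2023, 9, 1)},
    {"name": "billing-portal", "shared_with": {"dave"},
     "formerly_shared_with": {"bob"}, "last_rotated": date(2023, 11, 2)},
    {"name": "dns-registrar", "shared_with": {"alice"},
     "formerly_shared_with": {"bob"}, "last_rotated": date(2024, 1, 2)},
    {"name": "analytics", "shared_with": {"alice", "bob"},
     "formerly_shared_with": set(), "last_rotated": date(2024, 1, 20)},
]
# Constructed offboarding list: user -> last working day.
DEPARTED = {"bob": date(2023, 12, 15), "erin": date(2024, 1, 5)}


def offboarding_worklist(records, departed):
    """Return the shared records that still need action for departed users."""
    worklist = []
    for rec in records:
        ever_had_access = rec["shared_with"] | rec["formerly_shared_with"]
        # Departed users who are still on the share list: revoke the share.
        revoke = sorted(u for u in departed if u in rec["shared_with"])
        # Departed users who may still know the password because it has not
        # been changed since their last working day: reset the password.
        known_to = sorted(u for u, left in departed.items()
                          if u in ever_had_access and rec["last_rotated"] <= left)
        if revoke or known_to:
            worklist.append({"record": rec["name"], "revoke": revoke,
                             "rotate": bool(known_to), "known_to": known_to})
    return worklist


if __name__ == "__main__":
    for item in offboarding_worklist(RECORDS, DEPARTED):
        print(item)
```

Removing a share without resetting the password, as with the constructed "billing-portal" record, still leaves a credential the former employee has seen.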
How Keeper Helps Teams With Secure Password Sharing
Keeper Password Manager ensures secure password sharing among team members and third parties, all while upholding zero-trust and zero-knowledge security. With Keeper, employees can easily share files and credentials across teams without exposing usernames or passwords, as well as revoke access at any time. Using Keeper’s One-Time Share feature, employees can also share passwords and records with others for a set amount of time, regardless of whether they have a Keeper account.
Password managers are essential for organizations of all sizes to prevent account compromise and password-related data breaches. See for yourself how a business password manager is beneficial to your organization by starting a free 14-day trial of Keeper’s business password management solution.