How Passwords Get Compromised
Have you ever checked on your passwords and noticed a warning that they’ve been compromised? One compromised password can put all your credentials at risk, but how does this happen? Your passwords may be showing as...
Sharing a Netflix account between family members might not seem like a big deal, but shared accounts can put you at risk. Individual users should consider that sharing login details can increase the chances of your details getting into the wrong hands.
Shared access between family members is one thing, but what about shared accounts between co-workers? According to our Workplace Password Malpractice Report, 46% of employees in the United States share work-related passwords for accounts that several co-workers use. Over a third (34%) share passwords with colleagues on the same team, 32% share passwords with their managers and 19% share passwords with company executives.
Sharing passwords is practically unavoidable in a work environment, so it’s crucial to practice secure password sharing to prevent cybercriminals from getting a hold of your login information or access to your accounts. Keep reading to learn more about sharing passwords safely.
Sharing passwords is strongly discouraged in cybersecurity. If you decide to share your passwords with coworkers, you put your information and account at risk.
Below are some of the key reasons why you should not share passwords. Password sharing can:
You should avoid password sharing at all costs, but it may be necessary for a work environment to build a more collaborative team or when working with remote employees, freelancers and digital nomads.
If your organization finds that it’s necessary to share passwords, it’s vital to find a way to share passwords securely and mitigate the risks of a data breach.
Here are our three top suggestions to ensure that your team is partaking in safe sharing practices:
Password managers offer a secure way to share passwords and sensitive information between teams and employees. Depending on the platform, some password managers offer the ability for administrators to share records with other team members without revealing login credentials to the shared users.
The credentials are automatically stored in the users’ password vault and autofill each time an individual visits a website or application where they have a set of stored credentials. Autofill saves the individual from having to enter the details every time they want to access the shared account, eliminating the chances that any credentials are stolen via keylogging tools.
Practicing password hygiene in the workplace strengthens password security and makes it harder for cybercriminals to breach your company.
Weak passwords that are easy to remember make it easier for team members to share passwords, but are also a much easier target for cybercriminals. Strong and unique passwords combat cybercriminals while still being easy to securely share with team members when stored in a password manager.
Below are some good password practices to enforce within your team:
Our Workplace Password Malpractice Report found that 32% of U.S. employees have accessed an online account belonging to a previous employer, indicating that many organizations do not disable accounts or change shared passwords once an employee leaves the company.
In 2021, Ticketmaster paid a $10 million criminal fine for intrusions into a competitor’s computer systems. According to Acting U.S. Attorney DuCharme, “Ticketmaster employees repeatedly – and illegally – accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence.”
Ticketmaster was able to gain access to the competitor’s computers because a current employee, who previously worked for the competitor, provided Ticketmaster executives confidential internal documents that he’d kept from his former employer, as well as the login credentials for multiple corporate accounts that the rival company used to manage ticket presales.
Suppose your organization participates in password sharing. In that case, it’s crucial to have a proper offboarding process in place to prevent any sensitive information from spreading outside the company once a professional relationship ends and ensure that the account is only accessible to authorized users within the company.
Keeper password manager ensures secure password sharing among team members and third parties. Employees can easily share files and credentials across teams without exposing any usernames or passwords, as well as revoke access at any time.
Keeper One-Time Share allows users to share passwords and records with others for a set amount of time, regardless of if they have a Keeper account.
Not a Keeper customer yet? Sign up for a 14-day free trial now.
Interested to see how Keeper can protect your organization from security breaches? Reach out to our team today.
The best and safest way to share a password is with a password manager. A password management tool offers secure sharing without sharing credentials through unsafe methods such as text messages and email. Password managers allow you to share records directly with employees without exposing any usernames or passwords.
Many password managers offer role-based access controls to restrict sharing and limit permissions depending on each employee’s role and responsibilities. The administrator often controls least-privilege role permissions through the password manager’s dashboard.
Sending a password over a text message is risky since there is no security or encryption to protect it from anyone who may intercept it. If your mobile device gets into the wrong hands, your texts are readable to anyone who manages to gain unauthorized access.
No, anyone using a password manager should have their own separate account using their email address. Many password managers offer family or business plans for anybody looking to add additional users.
No, emails are usually sent in plain text and without encryption. If your email inbox is ever compromised, you’ve given the unauthorized recipient full access to your passwords. Even if you have deleted previous emails, they may live in other folders and files on your account. Any information found in your inbox is at risk if your email account is ever compromised.