How Passwords Get Compromised
Have you ever checked on your passwords and noticed a warning that they’ve been compromised? One compromised password can put all your credentials at risk, but how does this happen? Your passwords may be showing as...
Back to Blog
How to Securely Share Passwords with Team Members
Sharing a Netflix account between family members might not seem like a big deal, but shared accounts can put you at risk. Individual users should consider that sharing login details can increase the chances of your details getting into the wrong hands.
Shared access between family members is one thing, but what about shared accounts between co-workers? According to our Workplace Password Malpractice Report, 46% of employees in the United States share work-related passwords for accounts that several co-workers use. Over a third (34%) share passwords with colleagues on the same team, 32% share passwords with their managers and 19% share passwords with company executives.
Sharing passwords is practically unavoidable in a work environment, so it’s crucial to practice secure password sharing to prevent cybercriminals from getting a hold of your login information or access to your accounts. Keep reading to learn more about sharing passwords safely.
Is It Ever OK to Share Passwords?
Sharing passwords is strongly discouraged in cybersecurity. If you decide to share your passwords with coworkers, you put your information and account at risk.
Below are some of the key reasons why you should not share passwords. Password sharing can:
- Compromise your accounts — Password sharing opens you up to vulnerabilities and increases the risk of compromised credentials. Since cybercriminals can intercept information in transit, sharing credentials through insecure channels such as text messages or Slack messages increases the risk of a data breach or cyberattack.
- Expose your private information — Sharing an online account with others gives them full access to the account, its history and any sensitive information associated with it. Depending on the platform, you may be giving users access to information such as your credit card, contact details or home address. If compromised, that personal information may find its way to the dark web.
- Get you in trouble — Many cloud services discourage account sharing and, instead, will offer different packages at varying price points for additional users. Account sharing may violate the platform’s terms of use and potentially ban you from service.
Password Sharing Best Practices
You should avoid password sharing at all costs, but it may be necessary for a work environment to build a more collaborative team or when working with remote employees, freelancers and digital nomads.
If your organization finds that it’s necessary to share passwords, it’s vital to find a way to share passwords securely and mitigate the risks of a data breach.
Here are our three top suggestions to ensure that your team is partaking in safe sharing practices:
1. Use a Password Manager
Password managers offer a secure way to share passwords and sensitive information between teams and employees. Depending on the platform, some password managers offer the ability for administrators to share records with other team members without revealing login credentials to the shared users.
The credentials are automatically stored in the users’ password vault and autofill each time an individual visits a website or application where they have a set of stored credentials. Autofill saves the individual from having to enter the details every time they want to access the shared account, eliminating the chances that any credentials are stolen via keylogging tools.
2. Enforce Strong Password Hygiene
Practicing password hygiene in the workplace strengthens password security and makes it harder for cybercriminals to breach your company.
Weak passwords that are easy to remember make it easier for team members to share passwords, but are also a much easier target for cybercriminals. Strong and unique passwords combat cybercriminals while still being easy to securely share with team members when stored in a password manager.
Below are some good password practices to enforce within your team:
- Never reuse passwords across accounts. Give every shared account a unique password. A compromised email address combined with reused passwords put multiple online accounts at risk of credential stuffing attacks.
- Enable Multi-Factor Authentication (MFA/2FA) on all accounts that support it. Even a strong, unique password can end up compromised, but with 2FA in place, cybercriminals won’t be able to gain access to the account without the second factor.
- Use a random password generator. Humans often create passwords that use dictionary words that are easy to remember. A random password generator can create strong passwords that are difficult to crack.
3. Reset Passwords When Employees Leave
Our Workplace Password Malpractice Report found that 32% of U.S. employees have accessed an online account belonging to a previous employer, indicating that many organizations do not disable accounts or change shared passwords once an employee leaves the company.
In 2021, Ticketmaster paid a $10 million criminal fine for intrusions into a competitor’s computer systems. According to Acting U.S. Attorney DuCharme, “Ticketmaster employees repeatedly – and illegally – accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence.”
Ticketmaster was able to gain access to the competitor’s computers because a current employee, who previously worked for the competitor, provided Ticketmaster executives confidential internal documents that he’d kept from his former employer, as well as the login credentials for multiple corporate accounts that the rival company used to manage ticket presales.
Suppose your organization participates in password sharing. In that case, it’s crucial to have a proper offboarding process in place to prevent any sensitive information from spreading outside the company once a professional relationship ends and ensure that the account is only accessible to authorized users within the company.
Why Use Keeper for Secure Password Sharing
Keeper password manager ensures secure password sharing among team members and third parties. Employees can easily share files and credentials across teams without exposing any usernames or passwords, as well as revoke access at any time.
Keeper One-Time Share allows users to share passwords and records with others for a set amount of time, regardless of if they have a Keeper account.
Not a Keeper customer yet? Sign up for a 14-day free trial now.
Interested to see how Keeper can protect your organization from security breaches? Reach out to our team today.
Frequently Asked Questions
What is the best way to share a password?
The best and safest way to share a password is with a password manager. A password management tool offers secure sharing without sharing credentials through unsafe methods such as text messages and email. Password managers allow you to share records directly with employees without exposing any usernames or passwords.
How do you manage a team password?
Many password managers offer role-based access controls to restrict sharing and limit permissions depending on each employee’s role and responsibilities. The administrator often controls least-privilege role permissions through the password manager’s dashboard.
Can you send passwords over text?
Sending a password over a text message is risky since there is no security or encryption to protect it from anyone who may intercept it. If your mobile device gets into the wrong hands, your texts are readable to anyone who manages to gain unauthorized access.
Can two people use the same password manager?
No, anyone using a password manager should have their own separate account using their email address. Many password managers offer family or business plans for anybody looking to add additional users.
Is sending passwords via email safe?
No, emails are usually sent in plain text and without encryption. If your email inbox is ever compromised, you’ve given the unauthorized recipient full access to your passwords. Even if you have deleted previous emails, they may live in other folders and files on your account. Any information found in your inbox is at risk if your email account is ever compromised.
Get the latest cybersecurity news and updates sent straight to your inbox
You May Also Like