Why You Shouldn’t Share Your Passwords
In the daily operations of a business, it’s normal for employees to need to access multiple accounts or collaborate across accounts to get their work done. In some cases, though, it may be impractical to have multiple accounts for the same service. When this happens, it’s common for employees to share passwords.
Password sharing in a business setting can be dangerous, exposing sensitive company information to outsiders who may use it for ill intent. There are a few ways you can mitigate this danger, but first, it’s best to understand why password sharing happens and what exactly those dangers are.
Why do people share passwords?
According to research conducted by popular survey company Survey Monkey, an estimated 32 million employees in the United States share passwords. But why? Per the respondents to this survey, most people who share their passwords (about one-third of participants), at least in a work setting, do so to collaborate with their teammates. Other reasons found in the survey included following company procedures and reducing costs.
This makes sense; a company may not have the resources to pay for separate subscriptions to certain services for all of their employees or may not use the service enough to justify the extra cost. Having some employees share a single paid account might be more practical in these scenarios. Additionally, having everyone work from the same account can make collaboration easier by allowing employees to save their work to the same location and access others’ work as needed without the intermediary steps of sharing documentation through messaging or emails.
As common as it is, though, password sharing can still be dangerous.
The dangers of sharing passwords
The first and most obvious risk of sharing passwords is that of the person with whom the password is shared being a bad actor. Phishing schemes are incredibly common, accounting for 3.4 billion spam emails sent every day and being the most common cause of data breaches. These scams rely on a person voluntarily sharing their password with a party pretending to be some kind of authority.
Even if the person with whom you are sharing your password is not a bad actor themselves, however, password sharing can still lead to accessing sensitive information through unsecured networks. It is incredibly difficult to regulate server access if employees share information and access it via external networks such as remote office setups or public computers.
Additionally, if any changes are made to the sensitive data via an external network, tracking who made the changes and why is much more difficult. This may mean that your internal data is susceptible to abuse by jaded former employees or dishonest employees looking to profit from your work in some way. This may mean anything from unauthorized social media posts that may greatly damage the company image to the misuse of customer information to potential serious loss of revenue.
How to share passwords safely
All of this being said, there will still be scenarios in which you may need to share an account across multiple employees or access points. Here are some tips from Forbes on how to share passwords safely.
- Use a password manager to generate and store unique passwords for each account. This is especially useful if you work in-person only and are accessing multiple accounts from the same device.
- Use data-encrypted cloud storage to send a secure file with account information. This allows you to control who has permissions to see or use the file.
- Online project management tools use data encryption to secure your information, allow for easy sharing of information between team members through a monitored internal system, and offer file-sharing features for additional convenience.
- Never share a password via email, text message, or physical writing where it might easily be seen.
- Never click on links in emails from senders you do not recognize and cannot verify, especially if those links claim to lead to service landing pages or demand account information. Always log into accounts directly via the service landing page to check security concerns.
It’s also a good idea to implement multi-factor authentication into all of your accounts. MFA adds layers of security to accounts and limits access to those with the appropriate information and identifying factors. Consider adding a more advanced MFA solution such as Photolok to your data. Photolok, a new technology from Netlok, allows users to upload and label photos to be used as identifiers; they simply select their photo from a grid to access their account. There is also an option to create a Duress photo, which will allow access for the user in the event of a forced authentication but will also alert the appropriate authorities so that the breach can be addressed quickly and safely.
If you are a business looking to implement MFA, consider using a more advanced authentication method such as Photolok IdP. Photolok is a passwordless IdP that is simple, effective, and offers a range of benefits including AI and ML defense, device authorization, and one-time-use authenticators. With Photolok, users select images and label them for security use. When accessing a network, application, and/or API, users simply choose their account photos in several photo panels, and they are given access. Users can also label a photo as Duress, which acts as a silent alarm. The Duress option allows the user access but notifies IT administrators that the user’s account is compromised and they need to execute the company’s security procedure quickly to protect the company and the user’s safety.
Read More: Photolok IdP Prevents AI Attacks