Whether it’s your sister’s Netflix or your coworker’s Grammarly, we’re all guilty of sharing passwords. It makes our lives easier and often cheaper. The problem is, password sharing can put you and your friends at serious risk of cyber-attack.
Read on to understand the dangers of password sharing and what you can do to share passwords securely.
Why Password Sharing is Dangerous
In a recent survey of US knowledge workers, more than one-third of respondents said they share either passwords or accounts. That’s equal to 32 million workers in the US alone and hundreds of millions of people worldwide.
Of course, you don’t need a survey to realize password sharing is common. But most people don’t understand how dangerous it is. 80% of all data breaches are the result of either stolen or weak passwords.
Shared passwords make it easy to access different systems and connected accounts. Hackers can intercept passwords as you share them if you do so online. And if you have a lousy password, they can use it to figure out passwords of your other accounts. It creates enormous consequences that ripple across professional and even personal accounts.
Additional Security Issues
Even if individuals don’t have malicious intentions, they can open up businesses and each other to security vulnerabilities. It is the issue of access control.
In many cases, sharing credentials with friends and coworkers makes sense. But what happens if that person decides to share your password with someone else and this continues. It doesn’t take very long for problems to arise. It’s also much more challenging to isolate the source of cyber threats if you can’t trace accounts back to a single device that may have been compromised.
Finally, you have to consider what happens after an employee’s termination. Individuals can and often do use coworkers’ credentials to wreak havoc on corporate networks. Imagine a disgruntled former employee having access to the social media account of your company. It doesn’t sound like a good idea, does it?
The Difference Between Work and Personal Accounts
Before you do anything, you need to know that the level of security required for different accounts varies. Some passwords are okay to share, and some that aren’t.
More than anything, you need to have a clear separation between professional and personal passwords. Sharing your Netflix credentials with your spouse is okay. But sharing your login ID for work with your new coworker isn’t.
There is no reason to share work accounts. Whether you need to collaborate on projects, access system information, or do anything else, each user should own an individual account with respective privileges. It is easy to set up and ensures a much higher level of security.
One main reason that employees share passwords is that it’s in accordance with company regulations. It needs to change. Employers need to update their cyber policies to make them in line with the latest security findings. It includes educating employees about how password sharing can put everyone at risk.
Then corporate password policies need to follow these security measures:
- Using unique, complex passwords with at least 8 characters
- Having a single sign-on (SSO) wherever possible
- Enabling multi-factor authentication
- Storing passwords in a password manager
Sharing Credentials in a Secure Way
Personal accounts are as essential to secure as your professional ones. They also contain sensitive information like your credit card details, addresses, birthdates, and other things that you should keep private.
The same tips from above apply here. Personal passwords should also be unique, long, and robust. But you have a little more flexibility to share, provided you do so in a secure way.
You can use password managers to share passwords. There are two ways to do so:
- Having a separate database or vault for shared passwords;
- Using a password manager that has a password sharing function.
In both cases, both you and the person, whom you share credentials with, need to use the same password manager software. And both ways are equally secure because, at all times, passwords stay encrypted.
No matter which option you choose, make sure to use the password generator feature to create new passwords for all accounts you wish to share.
To some extent, you can also do this in work settings if necessary. But you should keep track of who has access to accounts by doing more frequent password updates and account audits.
A Little Action Goes a Long Way
It doesn’t take much for a hacker to gain access to your personal or professional accounts. Fortunately, a little effort on your part can go a long way in protecting yourself. So above all the usual password security tips, you should stop sharing your passwords. Or, if you must, make sure to use a password manager when doing so.