If you ask a security professional, you get by-the book advice about sharing passwords: “Don’t share passwords.” But we know, in reality, that doesn’t work. Your office might be sharing a single password for apps like SurveyMonkey right now to save cash on buying additional users, and some social media accounts don’t even give you the option to have multiple log-ins. Sharing passwords in your office is sometimes necessary for collaboration, and the best way to do this is by using a password manager. Affordable (some platforms even offer free versions), layered with security and simple to use, password managers are the safest and easiest way to store and share your company’s private passwords.
Reasons You Would Need to Share Your Passwords
Shared accounts are the biggest reason businesses share passwords, whether their employees work from a physical office or at home. It improves collaboration and makes employees’ jobs a lot easier. Medical leaves, turnover, vacations and “Bob isn’t coming in because he ate bad fsh last night but has our Amazon log-in” are other reasons passwords get handed around like a plate of turkey at Thanksgiving dinner.
However, unsafe sharing habits will put your private passwords in the hands of greedy hackers, who can fetch a high price for your data in dark web markets. IBM Security reported that in 2022, 19% of all breaches were caused by stolen or compromised credentials.
So, how do you share passwords safely?
First, Avoid These Common Password-Sharing Mistakes
When it comes to password sharing, remember:
- Don’t send passwords via e-mail: E-mail is the #1 target of hackers, and many e-mail services aren’t encrypted. Those that are encrypted are still risky because e-mails are stored in several servers on their way to or from your account. That means your e-mail is sitting in a Sent folder, ripe for the taking by anyone who gets into your e-mail account, encrypted or not.
- Never text or chat passwords: Like e-mails, SMS messages or messaging apps like Slack aren’t secure. Once a text is sent, it is available for anyone to see.
- Stay far away from storing passwords using pen and paper and shared documents: Sticky notes, memo pads, Google Docs – NEVER write down your passwords.
- Avoid the temptation to store passwords on your device: If your device gets hacked, nothing stops that perp from taking every password you saved.
The Best Way To SAFELY Share And Store Your Passwords
We recommend using reliable password managers because they have multiple layers of encryption so only those with a key (your master password) can see it, AND they include more robust security and sharing features like:
- Zero-knowledge architecture: Not even your password manager service can see the information you save in your vault.
- Multifactor authentication (MFA): For added log-in security.
- Unique password generation: Creates strong, random passwords to improve log¬in security.
- Fake log-in page warnings: Warns you if a page is spoofed by hackers.
- Breach or weak password notification: Alerts you if one of your passwords was leaked or if your current password is weak.
- Simple, secure built-in password sharing: Some password managers let you choose which passwords your employees can see and keep others in a private vault. Others, like Keeper, let you share documents or records without exposing credentials.
To use password managers, you only need to remember one password – the master password. One downside is that whomever you share a password with needs an account for the same service. However, most password managers have corporate accounts, so this shouldn’t be a problem.
A Word To The Wise: Look out for password managers with a bad security track record, like LastPass, which was breached in 2022, 2021, 2016 and 2015.
Smart Businesses Use Password Managers
It’s a good idea to avoid sharing passwords as much as possible, but when you have to, use a reliable password manager to ensure you have control over exactly who sees your credentials. Talk to your employees about safe password hygiene, host regular security-awareness training for employees and use MFA with every account. It’s not just safe business – it’s smart business.
If you’re not sure which password manager to use, give us a call and we’ll get you set up with one.