We live in a digital world, which brings many positives, but also new pitfalls to watch out for. Companies often need different employees to have access to different documents or files, but they should also prevent employees from accessing what they are not supposed to see.
To make life easier, employees often exchange passwords, share accounts and emails, or choose to share one account instead of trying to figure out and use their own permissions. It’s not a new thing at work or outside of work. People exchange all sorts of data, which can be very sensitive.
Fortunately, with modern problems come modern solutions. We don’t have to constantly rely on traditional (and not very secure) ways of sharing passwords or other sensitive data. But in order to change the way people share sensitive data, we need to know why these traditional ways are bad.
The problems with sharing passwords
It probably goes without saying that sharing passwords is an incredibly fundamental security risk, even if you give your password to someone you know and trust.
Recent studies have found that about 35% of people share their passwords, which may not seem like much at first glance. But given that the majority of the population is on the internet today, that’s hundreds and hundreds of millions of people.
A much worse statistic is that a shocking 81% of successful hacking attacks stemmed from password sharing or from weak or reused passwords.
In addition to the security risk, password sharing generally reduces accountability in the workplace. If you share one account with multiple people, no one ever knows what anyone is actually doing. One person’s mistake can mean that multiple people get into trouble, and they never figure out who’s to blame for the confusion. The more people share an account, the harder it is to figure out the source of the problem, which also means that problems can and probably will recur.
Even worse is the scenario where an employee leaves the company but is left with access to different accounts. The people with whom he shared the account may not even know he left the job, or they simply won’t want to change an already established password.
Traditional password sharing methods
Of course, we understand that there are reasons to send someone a password. It may be a temporary password that will change immediately, but it’s still a good idea to choose the most secure way possible to share your password or other data. Here are examples of ways that we definitely don’t recommend:
- Sending login credentials over an unsecured email – This is probably the worst possible thing you can do. All it takes is one single intercepted email for someone to capture all the data they need. If you do have to send data via email, split the data across multiple messages or use multiple channels (multiple email addresses are needed). A minor exception may be secure email, but as far as standard email clients like List, Gmail and the like are concerned, don’t use those to send confidential information.
- Chat apps – This is slightly better, but a single leaked message still means compromised accounts. Most apps like WhatsApp encrypt the communication. Beware, Facebook’s Messenger does not yet have this encryption by default, although it is planned and in development.
- Sharing login credentials via services like Dropbox or Google Drive – While this may seem like a better idea because these services are secure, we still have the problems from all of the above. The main problem is that one weak link and one failure means accounts are breached without any way of knowing who caused the problems.
- Handing over data on paper – This is a really bad idea. The paper can get lost or be thrown in the trash where someone can get to it, and someone can also easily see the data. The paper simply needs to be destroyed after it is handed over so that nothing can be read, which not everyone will do properly.
- Passing the information verbally – This one is slightly better, although you need to memorize the information, which not everyone can do, especially with complex passwords. The conversation can also be overheard by someone.
This is definitely not an exhaustive list, but it mainly outlines ways not to share passwords, and why.
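The email item above suggests splitting data across several messages or channels. As an added example (not part of the original article), the sketch below goes one step further than cutting the text in half: it XOR-splits a password so that any single intercepted message is random bytes and reveals nothing about the password, not even its length. The function names, the 64-byte block size and the sample password are assumptions made for this illustration.

```python
import secrets
from functools import reduce

BLOCK = 64  # fixed share size in bytes, so a share does not reveal the password length


def _xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(password: str, n: int = 2) -> list[str]:
    """Split a password into n hex shares; every one is needed to rebuild it."""
    raw = password.encode("utf-8")
    if n < 2:
        raise ValueError("need at least two shares")
    if not 0 < len(raw) < BLOCK:
        raise ValueError(f"password must be 1..{BLOCK - 1} bytes")
    # One length byte, the password, then random filler up to BLOCK bytes.
    padded = bytes([len(raw)]) + raw + secrets.token_bytes(BLOCK - 1 - len(raw))
    # n-1 shares are pure random pads from the OS CSPRNG ...
    pads = [secrets.token_bytes(BLOCK) for _ in range(n - 1)]
    # ... and the last share is the padded password XORed with all of them.
    last = reduce(_xor, pads, padded)
    return [s.hex() for s in pads + [last]]


def combine_shares(shares: list[str]) -> str:
    """XOR all shares back together and strip the padding."""
    if len(shares) < 2:
        raise ValueError("need at least two shares")
    padded = reduce(_xor, (bytes.fromhex(s) for s in shares))
    length = padded[0]
    if not 0 < length < BLOCK:
        raise ValueError("shares do not combine to a valid secret")
    return padded[1:1 + length].decode("utf-8")


if __name__ == "__main__":
    demo = "correct-horse-battery-staple"  # constructed sample, not a real credential
    parts = split_secret(demo, n=2)
    print(parts)  # send each share through a different channel
    assert combine_shares(parts) == demo
```

The recipient needs every share, so this protects the password only while it is in transit; once the shares sit together in one inbox or one note, the protection is gone.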
Password managers don’t just act as a security vault for our passwords, but also offer a way to pass on passwords securely and in encrypted form. In addition, password managers can also create passwords in a way that is completely random and unguessable.
Another great thing about password managers is that they allow you to control access policies. Because the administrator has control over what is shared with whom, you don’t have to worry about someone who shouldn’t have access gaining it. Further, you can keep track of who is sharing passwords and with whom.
It also works as a great backup plan when someone joins the company or leaves it quickly. Administrators can then simply add or remove access.
It’s simple, fast, and most importantly, secure. You don’t have to worry about who has access to what because you can comfortably take care of everything yourself. Passwords are not shared through insecure channels or on paper, but in a way that a hacker has no chance of getting to them. So if you’re dealing with password security at work, a password manager is the obvious choice.