3 Reasons you should never share passwords

A photograph of a man working on his laptop

The 2018 Verizon Data Breach Investigations Report revealed that 81% of company data breaches were due to poor passwords and password practices. In the 2022 report, a combination of human errors, misuse, and social engineering accounted for 82% of breaches.

Sharing passwords for company applications, accounts, and remote utilities (i.e., VPN logins) can increase your risk and vulnerability to cyberattacks.

For over 25 years, WEBIT Services has helped hundreds of clients identify and address security risks to protect their businesses.

By reading this article, you will learn three dangers of sharing passwords, three reasons people often share passwords, and a safer, alternative method.

 

3 Reasons not to share passwords

Once you hand your password over to someone else, you have no power over where the password ends up or how it is used. Here is a breakdown of three things that happen when you share your password.

1. You have no control over how someone else uses your password.

Once you've shared your password with someone, they can use it however they like, and there isn't anything you can do to control or prevent their actions.

For example, you're out sick and ask a coworker to check on a password-locked account. You give them your password, and they relay the information you need, which seems to be the end of the situation.

However, what if they saved the password, so their browser automatically logs into the account? Or if they use that password again to access other accounts? What if they share your password with someone else?

You have no real way to know how, when, or where your shared password is now being used. It could be harmless or open the door to a security breach.

2. You cannot control who else sees or accesses your password.

Once you share your password, you can't prevent others from sharing it, as well. This may be word-of-mouth, through email, files, or even written documents.

Users should never write down or print passwords. It makes them far too easy to access and share. Furthermore, if a password is printed, it's effortless for anyone to wander into an office, find the password, and then use it without the password owner ever knowing.

Leaving passwords visible makes them incredibly vulnerable. For example, users' accounts have been breached because they posted office selfies with password-laden sticky notes in the background.

Some users or departments prefer to save their passwords in a computer file. Most likely, this document has the word "password" in its name and would be easy to find, making it convenient for users. But, unfortunately, it's also convenient for cybercriminals who may lie in stealth mode within your system, looking for data to steal or exploit.

3. You cannot control how your password is exposed to vulnerabilities.

Even if you share your password with a trustworthy friend or coworker, you have no idea what their security environment looks like or how closely they follow security protocols.

You may be sharing your password with someone who has malware on their device or who uses a shared laptop. They may not recognize phishing attempts and share your password in a social engineering scam. Maybe they save your password to their device, which is later stolen.

If your password is on a vulnerable or exposed device, it could lead to a dangerous breach.

3 reasons why passwords are shared

1. Convenience

Sharing passwords via document, text, email, or word-of-mouth is easy and straightforward. It's a quick way to access accounts.

However, this convenient method is not secure and creates unnecessary risk.

2. Shared accounts

Many departments share accounts for applications. Unfortunately, this often results in a shared password passed between department members.

It's all fine until one team member creates a vulnerability or shares the password with the wrong person.

3. Social engineering

Social engineering is a popular method among cybercriminals. It utilizes convincing fake texts (smishing), emails (phishing), or phone calls (vishing) to get users to send over their login credentials or personal information like social security numbers.

Social engineering is so successful that cybercriminals used it for 98% of their attacks in 2022. In addition, 75% of companies worldwide were victims of phishing. Those are frightening statistics.

Social engineering attacks are also generally random. Cybercriminals are looking for anyone with resources willing to take the bait and give them access. No business or account is too small to be a victim.

To prevent phishing attacks, users should never share login credentials over text, phone, or email.

The alternative to sharing passwords

If you must share passwords, it's best to use a password manager application. These affordable applications allow you to store or share passwords safely.

While they may differ in execution, password managers will safely store passwords only accessible to approved users. Each user must create an individual master password to log in; from there, they can access their saved passwords or shared passwords.

This way, password sharing is more controlled and more secure.

Next steps for securing your passwords

Sharing passwords can open your company to various unnecessary, preventable, but dangerous risks. Once a password is shared, you have no control over who uses it, where they use it, how they use it, or who they share it with.

The safest choice is never to share passwords. However, if passwords must be shared, a password manager Is a secure solution.

WEBIT Services is passionate about helping clients reach their cybersecurity goals. We believe education and knowledge are the first steps in building effective cybersecurity practices.

If you're looking for a new IT provider, schedule a 30-minute consultation to see if WEBIT Services might fit your company.

If you are not ready to speak to our team of experts but would like to learn more about cybersecurity, we recommend the following articles: