When it comes to password sharing in your business, security professionals will often provide the by-the-book advice: “Don't share passwords.” However, the reality is quite different. Many offices find themselves sharing passwords for various reasons, such as cost savings or collaboration. Some applications don't even support multiple log-ins. In these cases, using a password manager is the smartest and safest solution.
Why You Might Need to Share Passwords
The primary reason businesses share passwords is to facilitate shared accounts, improving collaboration among employees, whether they work in a physical office or remotely. It simplifies tasks, particularly in situations like medical leaves, staff turnover, vacations, or when someone is unexpectedly absent.
However, haphazard sharing practices can leave your private passwords vulnerable to cybercriminals who are more than willing to trade your data on the dark web. In fact, IBM Security reported that 19% of all breaches in 2022 were due to stolen or compromised credentials.
So, how can you share passwords safely?
Avoid Common Password-Sharing Mistakes
Here are some crucial tips to remember:
- Don't Email Passwords: Email is a top target for hackers, and many email services lack encryption. Even if they are encrypted, emails can reside on various servers, making them susceptible to interception.
- Never Text or Chat Passwords: SMS messages and messaging apps like Slack are not secure, leaving your passwords exposed.
- Don't Write Down Passwords: Avoid using sticky notes, memo pads, or Google Docs to jot down passwords. Writing them down is a significant security risk.
- Don't Store Passwords on Devices: Storing passwords on your device can be risky. If your device is compromised, all your saved passwords could be exposed.
The Safest Way to Share and Store Passwords
IntelliSystems recommends using reliable password managers because they offer multiple layers of encryption. Only those with the key, which is your master password, can access your stored passwords. These password managers also include robust security and sharing features, such as:
- Zero-knowledge architecture: Even the password manager service can't access the information in your vault.
- Multifactor authentication (MFA): Provides additional login security.
- Unique password generation: Creates strong, random passwords for enhanced security.
- Fake login page warnings: Alerts you to spoofed pages by hackers.
- Breach or weak password notifications: Informs you if a password is leaked or weak.
- Simple, secure built-in password sharing: Some password managers allow you to choose which passwords your employees can access while keeping others in a private vault. Others, like Keeper, enable you to share documents or records without exposing credentials.
To use password managers, you only need to remember one password – your master password. While sharing a password requires the recipient to have an account with the same service, most password managers offer corporate accounts to mitigate this issue.
A Word of Caution
Exercise caution when choosing a password manager. Some may have security vulnerabilities. For example, LastPass experienced breaches in 2022, 2021, 2016, and 2015.
Smart Businesses Choose Password Managers
While minimizing password sharing is ideal, when it's necessary, a reliable password manager ensures you maintain control over who can access your credentials. Promote safe password practices among your employees, conduct regular security awareness training, and enable MFA for all accounts. It's not just secure business – it's intelligent business.
If you're unsure which password manager to use, don't hesitate to contact us, and we'll assist you in getting set up with one. Your security is our priority!