March 11th, 2021 Read Time: 6 minutes
Justin Sheil is the Content Marketing Manager at Electric. He has 5+ years experience writing about a wide range of technology topics. As part of his role at Electric, he currently functions as the head of the company’s Research & Insights division.
Subscribe to our blog and stay up to date
It is not surprising to discover employees within your enterprise sharing passwords without minding the risk that such action poses. The bottom line here is that password sharing increases your entity's susceptibility to harmful and expensive cyberattacks. A characteristic example is the recent hacking of a water plant after the successful exploitation of shared passwords.
If you are still wondering why sharing passwords securely is so important, consider the statistics below.
The use of the same password for all their accounts stands at about 13% of individuals.
The percentage of those who reuse passwords across several sites is about 65% of individuals.
Users who opt to duplicate their passwords in their personal and work accounts are at a staggering 73%.
You also need to appreciate that accessing passwords can be as easy as trying a weak password on multiple users, asking a user to share their password details, trying a compromised password belonging to a user, among other approaches.
So, even if you are trying everything possible to securely share your passwords as an IT manager, note that your colleagues may be the weak link exposing your firm to password sharing risks.
When workers develop a habit of sharing passwords without observing basic security rules, your firm remains vulnerable to security and privacy risks. As such, you cannot afford to overlook the need to address secure password sharing issues before they get out of hand.
Here are four reasons why password sharing is risky.
Employees who share passwords with colleagues or other individuals risk granting such people access to every other account that uses the same password. So, if someone has ulterior motives and they can use the password to access your email address, you may end up losing your entire internet identity.
Additionally, hackers can access other passwords they wish to change when they land their hands on your email address. That includes the login details you use when accessing online marketplaces. The implication here is that making purchases using the information in your online account and changing your address and phone number will not be a problem for attackers.
The security of every account that users need to use a password to access is paramount. In that case, sharing passwords for any account your workers use means that it will be less secure. On the other hand, giving someone you trust your password does not mean you have nothing to worry about.
The reason is that such an individual may keep the details in a compromised device, or they may not store the information in a secure location. As a result, the password you share insecurely will be prone to theft, which will, in turn, increase the risk exposure of your private information and your accounts as well. So, you need to exercise caution when sharing passwords since you cannot trust anyone or everyone.
Another reason to securely share your password is because anyone who uses your credentials to log in to an account will literally be on your account. That simply means that any action by such an individual will be in your name. For instance, a hacker may decide to access inappropriate content or engage in harmful activities while on your account. When that happens, you will be the one who faces the consequences, and the experience may not be good in some situations.
Note that the person you give your password to may be responsible for denting your identity, or it can be third-parties who taint your image after accessing your details when they find them in an insecure location.
Your information can become available to keyloggers or sniffers as a result of sharing passwords. One of the common strategies that sniffers use is prompting a user to type your password into a website you access on various occasions. That is what sniffing or phishing is all about. It is a strategy that focuses on persuading a user to install a keylogger.
The keylogger, in this case, can be software or hardware, and the installation can happen when one reads traffic on a wireless or wired unencrypted network. So, sharing passwords increases the susceptibility of your account to phishing/sniffing attacks.
It is worth mentioning that users can open your firm to compromise even when they do not have ill intentions. That is often the case when users share login credentials with individuals who use insecure hardware. CISOs and CIOs may be working hard to secure office systems, but the challenge is that one cannot tell the security posture of the system a different person is using.
If the other individual's system is compromised, it can escalate the proliferation of account details and unwanted programs like malware. Indeed, some employees share passwords because it is part of the policies of the entity they work for or when they want to collaborate with teammates on a project.
That is where CIOs come in handy because they can provide better ways for workers to collaborate while preventing data breaches at the same time. You can achieve that by adopting the following tips.
Employees should understand that there is a difference between sharing work account credentials and exchanging passwords with a spouse or partner at home. That will call for highlighting the fact that password sharing exposes your business to both security breaches and legal liability. Regular security training meetings and onboarding sessions provide a platform for passing such information.
Workers should also note that using the same password for multiple accounts is not a wise idea. The reason is that someone can try to access such individuals' accounts using the same credentials. Also, password sharing can result in the loss of access to business-critical software if someone changes the login information.
If password sharing is part of your firm's policies, now may be a good time to bring this to an end by implementing the industry best practices below.
• Investment in the right password technology.
• Trying as much as possible to opt for solutions with provision for single sign-on (SSO).
• Asking employees to avoid using the same password for several services or products.
• Enabling multi-factor authentication where possible.
• Leverage a partner to ensure security amongst all devices.
Most probably, the tools you are using presently do not provide your workers the seats they need or lack critical collaboration features. As such, reassessing your SaaS licenses to find out whether you need to make adjustments is a wise idea. The evaluation may reveal that you need to acquire tools with strong collaboration features and those that ensure everyone has a seat.
By opting to purchase such tools, your employees will collaborate with little or no friction to achieve set objectives.
Although password sharing appears to be the path of least resistance, workers consider it a quick fix. You should ensure that employees have the tools that foster a safe collaboration environment. That, in turn, will eliminate password sharing risks and will also enhance productivity.
Figuring out all your bases to cover pertaining to your organization’s IT strategy is not an easy process to navigate, especially in times like these— and that’s why Electric is here to support your organization.