Why sharing passwords is a bad idea

A padlock and key on a table

This week the privacy regulator has cautioned MP’s over sharing their passwords with their staff after a number of tweets revealed they were engaged in the practice. Whilst this is the easiest way to provide access to your account when people need to access your data, the regulator is absolutely on the money when it comes to their warning – you should never give anyone your user credentials.

Your account is no longer secure

By granting anyone else your user credentials, you are seriously compromising the security of your account, because from the moment they have access, you don’t know what they are going to do with your access details.

They may write them down and store in an insecure location, they may store it on an insecure or compromised device (Or a device that is later compromised). Or you may have emailed it to them, which is an inherently insecure messaging system.

Most likely the person you have trusted with your account details didn’t mean to compromise your account, but they likely haven’t thought through the wider implications of the account getting compromised and thus will not take necessary steps to secure the information.

More privileges than they need

The reason you may want to give someone access to your account is so they can access some sort of data, but we must remember that in using our account, they will have access to everything else in our account, such as email, logins to other systems (if you store your passwords in a password manager either without a master password or with the same password), and they can act on your behalf.

It will be logged as you

Any actions that the person you have granted access to performs will be recorded as you, so if the person you gave access to decides to, for example, access inappropriate content, the system administrator or in some cases the police will come looking for you.

Going back to your account security, it could be that the person you gave access to didn’t keep the details secure and someone else got hold of them, but the outcome will be the same, not an easy conversation.

They could access other accounts

Passwords are hard to remember, and most people cannot remember more that 2 or 3, and this leads to the biggest problem with passwords – using the same one across multiple systems. By sharing your passwords with other people, this could easy lead to multiple systems being compromised through your accounts.

If they leave you will have to change your password

What happens when the person you trusted decides they want to move on from your organisation? You are going to have to revoke their access, which means changing your password and remembering a new one.

The Solution?

Create an account on the system the user is required to access and grant them only the privileges they need to perform the task you require them to perform. This may not always be easy, especially if it is something like email where you may have to get a system administrator involved to get it setup.

But the consequences of your account being compromised could be far reaching, resulting in data leaks, financial loss, reputation damage, and although unlikely, even prison.

So next time you need to grant access to something to a member of your staff, take the time to properly setup an account for that user, and grant them only the access they need. Then any actions they perform will be logged as them, and you can securely revoke access at any time.

Back to Magazine


Related Articles

Free Password Management & Security Guide Released

Free Password Management & Security Guide Released

With our increasing focus on security and data protection in schools, we are now releasing a new free resource to help users and system managers understand how passwords are compromised, and how to create and manage secure passwords.

10 October 2018
Education Services
3-2-1 Backup: 5 Tips to keep your data safe

3-2-1 Backup: 5 Tips to keep your data safe

With the increasing role of data in our lives, it has become increasingly important to plan for the possibility that it all might go wrong one day. And if you think about it, it’s not only an event that might happen, it probably will.

10 October 2018
Online Safety, South West Grid
Will Anti-Virus Alone Keep Us Safe?

Will Anti-Virus Alone Keep Us Safe?

You have seen the high-profile cases in the media and you know the damage malware can do. You may have even been a victim yourself. You already take steps to secure your devices and network. But are you doing enough?

10 October 2018
Online Safety
Ransomware - Everything you need to know

Ransomware - Everything you need to know

What is ransomware? What does it do? What’s the point of ransomware? How does ransomware infect your device or your data? How do you protect yourself against ransomware?

10 October 2018
Education Services
Sophos Takes Top Spot for Endpoint Protection

Sophos Takes Top Spot for Endpoint Protection

At SWGfL, we’ve been working with Sophos since April 2011 to bring market-leading security products to schools at reduced prices.

10 October 2018
Online Safety