As a business grows the delegation of responsibilties grows with it. This includes employees having to take up new roles. Alot of times this new role requires them to be granted access to any number of platforms. Inorder to be granted access, they must be given a password. In work environments this is called password sharing. Many believe that you should not share passwords under any circumstances, while others disagree. Well, password sharing isn’t inherently dangerous. You just need to know how to do it safely.
Do's and Dont's of Password Sharing
1. Before sharing your password make sure to avoid daisy chaining. Which is using a single password for multiple accounts.
- Never share a password that you use for more than one account, as if it falls into the wrong hands, then every account protected by that password is at risk.
2. For social media platforms, make sure you set up a company social media policy.
- Explicit rules that state who has access to the accounts.
- Expectations for how to prevent security threats.
- Set schedules of when to change passwords.
3. Limit staff access when sharing passwords.
- Control level of access users have.
- Monitor all staff activity.
- Change necessary information when an employee leaves.
4. Create email addresses specifically for social media accounts.
5. Use 2-Factor Authentication for whenever someone signs into the account.
6. Never send secure information, such as passwords over text.
What's the Safest Way to Share Passwords?
Use a Password manager!!
A password manager is a software application designed to store and manage online credentials. Usually, these passwords are stored in an encrypted database and locked behind a master password.
How they work?
Users are allowed to create their own master password. This password is then saved and locked(encrypted) in a vault. The user can now grant access to whom ever he chooses to be able to use this login information. The person that the admin is sharing their login informtaion with, will not be able to view its actual contents. The admin can also revoke the access given away whenever they choose. We only talked about two users, but what about groups?
Multiple passwords can be created by a single admin. That admin can now place each of those encrypted logins in the hands of a corresponding group. So, multiple passwords for multiple groups.
- You don’t have to memorize all your passwords anymore.
- They can auto-generate highly secure passwords for you.
- They can alert you to a phishing site.
- Many password managers sync across different operating systems.
- They help protect your identity .
1Password is one such helpful tool, which allows you to save your passwords in a secure place and access all of your accounts quickly and easily.
This software goes beyond a two-factor encryption process. 1Password uses a three-pronged encryption process including what they call a ‘secret key’ and a secure remote password on top of your master password, which is not stored anywhere except your mind. With all of this in place, your master password, and therefore your social media accounts, cannot be accessed, intercepted, reset or dodged. So you can organize and safely grant access to specific vaults. Permissions give you control over who can delete or change passwords. If ever needed you can easily revoke permissions from an employee. 1Password leaves nothing for the taking.
LastPass is a password manager that enables teams to quickly and securely share account login information. In a matter of seconds, a shared password can be synced with a desired employee. The account login information appears in the employees vault.
LastPass offers many password sharing features, they include:
- When you share with individuals or groups, LastPass offers individuals to share passwords one to one or with a group of people. There is a sharing center that allows employees to see who they have shared passwords with, and who has shared with them.
- If an admin wants to share a password to one indivisual or many, LastPass makes this process easy. Folders are a convenient way to share all relevant logins either by project, by team, or by department.
- Shared passwords can be masked in LastPass so that an employee can’t see or edit the password. Hidden passwords offer a layer of security, especially when working with temporary contractors or third-party vendors.
- LastPass has a built-in password generator and can create long randomized passwords for every single account login. Because the password manager remembers and enters all passwords for the employee, it doesn’t matter how difficult the password is.
- An admin visibility feature is also included. LastPass offers managers and IT visibility into who has access to which passwords, and how they are being shared. Admins even have the ability to change a shared password, or quickly revoke access if needed.
ManageEngine- Password manger pro
Password Manager Pro is a secure vault for storing and managing shared sensitive information such as passwords, documents and digital identities of enterprises
Share one or more passwords with individual users or groups.
Grant varying permission levels to users and groups for password access by choosing between View, Modify, and Manage options.
Automatically assign full control of passwords (including sharing) to the user who adds them.
Allow users to transfer ownership of their passwords to another admin or user when they leave the organization.
Provide access to resources as needed, without revealing the passwords in plain-text.
Launch one-click connections to shared resources from Password Manager Pro's web-interface, without manually entering credentials.
Impose additional security layers on super-sensitive credentials by configuring request-release approval workflows.
Release passwords for specified time frames by setting password validity periods.
Configure access controls to automatically randomize passwords for one-time usage.
Audit all user share activities, including password viewing and copying operations.
Get a snapshot of all password access and other activities pertaining to a particular user or password, through various reports.
Stay well-informed of password shares and who has accesses any point in time.
Pierce Taylor, Software Engineer Intern at HacWare. HacWare measures risky cybersecurity behaviors and automates security education to help MSPs combat phishing attacks.
Learn more about HacWare at hacware.com