Posted On 07 Sep 2021

There is a myriad of reasons why people may need to share passwords in the workplace; however, it is important that you understand that this practice is not without risks. If a password finds its way into the wrong hands, you may find yourself on the receiving end of a ransomware attack, compliance review, or serious data breach.

Here are four practices you can adopt to limit the risk of password sharing in the workplace.

1. Avoid password sharing
We’ll start with the obvious one: Password-sharing should not be common practice. Aim to ensure all employees have their own login details so that you can fully control and monitor their activity. Employees should not share passwords unless there is a tangible business need.

2. If passwords need to be shared, ensure safe practices
In some cases, employees may need to share passwords. In such scenarios, security measures must be implemented to make sure the passwords are only shared with authorized individuals. Passwords should never be shared via text message or email. The most secure way to share passwords is via an enterprise password management platform; for instance, Keeper. Software such as this allows IT admins to create shared folders for groups of users according to their roles and subsequently grant people access to those folders. Employees simply log in to their Keeper vault to access the device.

3. Reset shared passwords when people leave the organization
Research has found that around one-third of employees in the US have accessed an online account that belongs to a previous employer. Regardless of the reasons why an individual leaves an organization, IT administrators should ensure all their access rights are immediately revoked. Again, this task can be simplified by using an enterprise password management platform like Keeper, which allows IT to disable multiple accounts within minutes.

4. Don’t overlook the risk of shared passwords
It is important that shared passwords adhere to the same security rules as all other passwords that are used in the organization. Specifically, they need to be formed of a combination of numerals, uppercase and lowercase letters, and special characters. Passwords should not be used across accounts, and multifactor authentication (2FA) should be deployed to ensure the maximum level of protection against hackers. Again, enterprise-grade password security should be employed.