- Created: Monday, 07 March 2022
- Written by Tim Nicholls
A manager called us, needing his assistant to send some emails for him. He was planning on sharing his password.
A major security violation! If you share your password:
- The person you have shared it with may have access to things they should not - like personal emails or private appraisals
- There is no accountability or traceability - if they access/edit/delete an email, there may be no way to show if you did it or if it was the other person.
- The more people that know a password the more chances are for it to be compromised - making it less secure.
The truth is if sharing your password is the only way to share access - it is a sign of poor IT.
The good news is they were on Office 365, a business-class email system, which allows you to grant a colleague access to your emails and the ability to send them as you. We helped him grant access to his assistant, no password sharing required.
There are a few cases where sharing passwords might be unavoidable - such as log-ins to third-party websites or devices that only allow one account. In these cases, we suggest a secure password manager like LastPass.
Password managers allow you to securely store and share passwords and keep them updated without having to actually give someone the password. They can be configured so that the password can’t be seen or copied when it is used to login.
It has other advantages too: the passwords can be more complex (as you don’t have to remember them); security checks are carried out for weak or potentially compromised passwords and it provides auditing tools so you can see who used which password and when they used it. You can also set it up to use 2FA, so you get an extra verification step before using it, which is handy if some of the logins stored in the password manager don’t themselves support 2FA.
Contact telanova to beef up your IT security