How to Share Passwords Securely

Despite some sources suggesting that password sharing is a bad thing, families, friends, and work colleagues can share passwords securely. How else might your partner get access to a shared Netflix account, an elderly neighbor navigate a complex online transaction, or your marketing team get into corporate social media accounts?

The problem is not so much that password sharing is a bad thing; it is how passwords are shared. Multiple surveys report that families, friends, and work colleagues use unsecure methods of sharing passwords; and – according to Bitwarden's 2022 Password Decisions Survey – the volume of unsecure password sharing has increased in the past year due to the pandemic.

[Figure: Bitwarden - Password Sharing Decisions Survey 2022]

What's Wrong with these Password Sharing Methods?

While these password sharing methods “get the job done” inasmuch as they communicate login credentials from one user to another, some may not be secure (i.e., unencrypted email and chat apps), some don't work so well on mobile devices (i.e., shared online documents), and others lack scalability and version controls (i.e., spoken and paper).

Scalability and version control are unlikely to be issues for people sharing their Netflix login credentials using a sticky note; but, when you combine these issues with other password sharing issues (i.e., security and accessibility), it is not difficult to see why more people and businesses are starting to use password managers for sharing passwords.

Warning: Not all Password Managers are the Same

There is sometimes a misconception that all password managers are the same. They're not. For example, most Chrome users are familiar with the Google password manager, and many use it to save login credentials and payment details in the Chrome browser. Saved data are conveniently auto-filled when you need them, which saves you remembering complex passwords or reaching for your credit card every time you want to buy something online.

However, the Google password manager is only secure if you PIN-lock each device you have Chrome installed on, because otherwise anybody accessing the device could easily access the saved data. Furthermore, your passwords and payment details are only synchronized across devices on which Chrome is installed. If you use Chrome on your PC and Safari on your iPhone, you will not be able to synchronize login credentials and payment details across both devices.

The Benefits of Web-Based Password Managers

For people who don't PIN-lock their devices or use non-compatible browsers – and for many other people – the best password managers are web-based solutions. These require you to log in with a master password each time you use them. Because they are web-based, they are accessible from any Internet-connected device, and many enable users to access login credentials and payment details offline via a series of operating system apps.

Web-based password managers also include many more features than browser or operating system password managers. For example, most come with a customizable password generator and can comb your existing passwords to identify any that are weak, re-used, or that have been compromised in a data breach. Importantly – in the context of this article – they also enable users to share passwords securely.

What is the Right Way to Share Passwords Securely?

This depends on the purpose of sharing a password. Most web-based password managers have a secure messaging feature that allows you to send encrypted messages to trusted contacts. This is a great feature for periodic sharing, but it does not scale to sharing passwords with multiple people and has no version controls in case you change your passwords.

If you want to share passwords more frequently, share passwords with multiple people (or multiple passwords with the same people), and automatically refresh passwords when they change, you will need to use a password manager with organizational capabilities. To best describe how these work, the following is a selection of plans suitable for sharing passwords securely provided by Bitwarden:

Two-Person Organization

This is a free plan which allows two people to save an unlimited number of passwords in two individual personal “vaults”. The plan includes a shared “collections” vault in which login credentials for shared accounts can be saved securely. The vaults can be further protected by 2FA, and members can also send encrypted messages to individuals outside the two-person organization.

Family Organization

A family organization plan is for up to six people. Each person has their own personal vault, plus you can have an unlimited number of “collection” vaults if – for example – you want to share your credit card details with your partner, but not your children. Family organizations also include 2FA, secure storage and the capability to send encrypted messages and files. This plan costs $40/year.

Team Organization

A team organization plan is for an unlimited number of people. This plan allows you to sort users into groups and share collections within groups to simplify shared password management. Team organization plans also include tools such as API access, directory synchronization, and event and audit logs to maximize password security. This plan costs $3 per month per user.

Enterprise Organization

An enterprise organization plan is much the same as a team organization plan, but with more tools to simplify password management and secure password sharing – for example, a password policy engine, custom roles, and SSO integration. Although this plan costs $5 per user per month, Bitwarden is currently offering a free family plan for every user in an enterprise organization.

Changing Password Managers to Share Passwords Securely is Not Time-Consuming

If you are using a password manager such as the Google password manager, and you can see how the features and capabilities of a web-based password manager will be of benefit to you, don't be put off from changing password managers because of the perception it takes a lot of time to transfer your passwords from one password manager to another.

Most web-based password managers have an import feature you can use to quickly copy and paste all your existing passwords in one go. You can then check for weak, re-used, or compromised passwords in a matter of minutes, and easily replace those which have already been hacked or are vulnerable to brute force attacks. Thereafter, it will be far easier to share passwords securely.
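The check for weak, re-used, or compromised passwords described above (and in the section on web-based password managers) can be sketched as follows. This is an added example, not code from the article or from any password manager; the CSV column names, the sample entries, the 64-bit threshold, and the local breach set are all constructed assumptions.

```python
import csv
import hashlib
import io
import math
import string
from collections import defaultdict

# Constructed sample export. Column names are an assumption; match them to your CSV.
SAMPLE_CSV = """name,username,password
netflix.example,alex@example.com,Summer2022
bank.example,alex@example.com,k7#Vq9!zLp2@Wm4x
social.example,team@example.com,Summer2022
shop.example,alex@example.com,letmein
"""
# Constructed stand-in for a breach corpus. SHA-1 is used only to match digests, not to store.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest() for p in ("letmein", "password")}

def estimate_bits(password):
    """Upper bound on entropy; dictionary words and Season+Year patterns are weaker."""
    pool = 0
    pool += 26 if any(c.islower() for c in password) else 0
    pool += 26 if any(c.isupper() for c in password) else 0
    pool += 10 if any(c.isdigit() for c in password) else 0
    pool += 32 if any(c in string.punctuation for c in password) else 0
    return len(password) * math.log2(pool) if pool else 0.0

def audit(csv_text, min_bits=64):
    """Return {entry name: [issues]} for weak, reused, or breached passwords."""
    rows = [(r["name"], r["password"]) for r in csv.DictReader(io.StringIO(csv_text))]
    digests = {name: hashlib.sha1(pw.encode("utf-8")).hexdigest() for name, pw in rows}
    users_of = defaultdict(list)
    for name, digest in digests.items():
        users_of[digest].append(name)
    findings = {}
    for name, pw in rows:
        issues = []
        if estimate_bits(pw) < min_bits:
            issues.append("weak")
        if len(users_of[digests[name]]) > 1:
            issues.append("reused")
        if digests[name] in BREACHED_SHA1:
            issues.append("breached")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for entry, issues in audit(SAMPLE_CSV).items():
        print(f"{entry}: {', '.join(issues)}")
```

An exported password CSV is plaintext, so run a check like this locally and delete the export once the import is complete.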

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news