In an ideal world, every employee would have their own password for the accounts and resources they need to access from the moment they started employment or commence a new project. In practice, that is often not the case. IT teams are busy and have to deal with many pressing issues, and setting up new accounts and permissions, can be a slow process. Sometimes, an employee or a group of employees will be required to collaborate on a project and will need temporary access, and the easiest solution is to share passwords.
Many businesses share passwords to solve these problems, but passwords are often shared or disclosed in an insecure manner. A recent survey by Bitwarden, published in its 2023 Password Decisions Report, revealed that 41% of IT decision-makers shared passwords via email, 30% used chat platforms, 27% communicated them verbally, and 22% handed them out on paper.
When passwords are communicated verbally, there is a risk that the conversation will be overheard. Passwords are often shared via unencrypted email or SMS messages, and those communications could easily be intercepted or read by an unauthorized individual on the recipient’s device. Passwords are often shared openly in chat sessions on messaging platforms that are not secure, or via unencrypted notes apps. Worse still, passwords may be written on a sticky note and put on an employee’s desk! All of these methods of password sharing are risky, and if the passwords provide access to accounts or folders containing sensitive information, that information could easily be accessed by unauthorized individuals.
Fortunately, there is an easy and more secure way of password sharing, and that is to use a password manager. Business password managers make it easy for passwords to be securely shared with individual employees, teams, or groups. In addition to sharing passwords, folders can be created that allow members of a group to have instant access the information they need and appropriate rights can be easily assigned (read-only, read/write, etc).
The administrator can create groups easily and rapidly and securely share information with their teams. The administrator will also have full visibility into the team members that have obtained passwords or read information, as an audit trail is maintained. It is also easy for administrators to instantly revoke passwords, such as when the project comes to an end or if an employee is terminated or otherwise leaves employment.
A password manager allows the administrator to view the scores for the passwords to see how secure the passwords are, allowing action to be taken to change any weak, easy-to-guess passwords, and the process of performing password updates is streamlined.
If you currently share passwords through unsecured channels, you should consider a business password manager. It will improve security, productivity, and make life much easier.