After surveying over 1,000 US consumers to get a better understanding of how people share passwords, we found that consumers favor convenience over security.
We all share passwords.
Nearly everyone (95% of respondents) share more than one password with other people, most often a spouse or family member, but also with coworkers and friends. Despite 73% of survey respondents agreeing that sharing passwords is risky, the majority do so anyway for a variety of reasons.
Whether it’s to give a spouse access to jointly-managed accounts, or to make sure passwords are available in case of emergency, password sharing is an everyday occurrence.
We share passwords at work, too.
And it’s not just in our personal lives that we’re sharing passwords. At least 1 in 4 people share a work password, most often in case of an emergency or to delegate work to others. In fact, Additionally, 61 percent of respondents are more likely to share their work passwords than personal passwords.
But when sharing passwords in the workplace, it’s too easy to lose accountability and too difficult to make sure everyone is following good password security practices. And if a shared password isn’t reset, an ex-employee or former vendor who had access to a sensitive account could become the source of a data breach.
But we don’t share them securely.
Only 19% of respondents say they don’t share passwords that would jeopardize their identity or financial information, leaving 81 percent of people who would share those passwords. Most of us just give a password to someone by repeating it out loud, or writing it down. Where’s the harm in that?
Well, besides the risk of someone overhearing you or getting hold of that piece of paper, there’s also the fact that you’ve now lost accountability for that shared password. It’s much more difficult to keep the other person from changing the password, or sharing it with someone else, or trying to use the same password to get into another one of your accounts.
And we don’t change passwords often enough.
The majority of people (73% of respondents) won’t reset their password after sharing it with someone. The danger here is that should the person you share it with (even if it’s someone you trust at the time), could abuse the password in the future. Or, they could unintentionally expose it through phishing or social engineering. By not changing the password, you’re leaving the “front doors” to your online life wide open.
And since 60% of people use the same password on many sites, it’s even more likely that one leaked password will lead to someone getting unauthorized access to an account, one that’s much more important like a banking or email account.
So how should we manage shared passwords?
It’s clear we need a better way to share passwords, both at home and at work. Here’s some tips on how best to manage shared passwords:
- Share passwords with a password manager. Not only is the password encrypted before it’s shared securely with another person, but it provides greater accountability by letting you know who has access to a password at any given time.
- Only use unique, generated passwords for shared passwords. When you use a different password for every site, one compromised password doesn’t give hackers a way into your online life.
- Change passwords when others are done with them. When you unshare a password, be sure to update your account with a new, generated password.
Are you sharing passwords? Sign up for LastPass today and give password sharing a try! (And replace your old passwords with new, generated ones, of course.)