Whether you want to admit it or not, people share passwords at work. According to one survey, 32% of employees share passwords with others. In our own research, we found that most of those passwords are shared verbally – 74%, in fact – while another 15% are written down. In other words, people often share passwords with others, and do so in a way that’s unsafe and inefficient. Every password-protected account is an entry point to your company’s private data. Businesses need to safeguard any shared entry points with strong security.
Why are employees sharing passwords?
Ultimately, sharing passwords helps people get their work done. Often, teams share one login for a website, so everyone needs to know the password. Or, someone may manage projects on behalf of a client or partner, so both parties need access to the accounts. Contractors, vendors, and other third parties often need access to complete their work. IT teams share admin accounts to manage critical company infrastructure and services.
In summary, there are a number of reasons why people need to share passwords every day. As an admin, it’s your responsibility to create guidelines about how and when employees can share passwords, and help employees follow those rules.
How a password manager helps with password sharing
With a password manager, every employee stores their work credentials in a secure vault. Through the password manager, users can also share credentials and notes with others.
Benefits of using a password manager for sharing passwords include:
1. Protect passwords with strong encryption. A password manager encrypts passwords with a unique, private key. That means that by default, passwords stored and shared in a password manager are protected from prying eyes, unlike spreadsheets. As a result, it’s much harder for someone to steal or abuse the passwords that employees need to share with others.
2. Put the right policies in place. Admins have more control over how and when passwords are shared when employees use a password manager. Password managers can enforce policies that make sure passwords aren’t shared outside the company or only with approved people. With security built in to the product itself, employees won’t struggle to follow the company’s password sharing guidelines.
3. Keep everyone up-to-date. A password manager makes sure everyone has the correct password. Changes to shared credentials sync automatically, so no one loses access after password updates. Manually shared passwords don’t offer the same convenience of keeping everyone up-to-date.
4. Gain visibility into password sharing behavior. Want to know who is sharing a password? Want to know the passwords they’re sharing and who else has access to them? When using a password manager like LastPass, you can see the passwords employees are sharing. That way, if someone leaves the company or there’s a concern about malicious activity, admins can take immediate action to update passwords and revoke access.
5. Have a backup plan. Do you have a password backup plan for an emergency, or when someone leaves the company? Backing up data and making sure it’s easy to access is critical for your business. A password manager ensures that no one person is the sole owner of important company passwords. Rather, admins can share credentials with each other so someone always has access should something happen.