You’ve heard the warnings and seen the numbers: Reused passwords are the weakest link in digital security, responsible for over 80% of data leaks. If you’re thinking, “That’ll never happen to me,” think again. Even though over half of internet users are wide open to credential based attacks, 87% never update their passwords. Meanwhile, automated tools can now crack a million passwords in under three (3) hours.
If you’re like most people, you juggle more than 100 passwords - our records show the average LastPass business user tracks 191.
No human brain can manage that without cutting corners. This is why passwords are reused or scribbled on Post-it notes. And it’s why birthdays, pop culture terms, and even swear words are used as memory aids.
Meanwhile, every sticky note and reused password is a roadmap to your emails, bank accounts, and personal data. And with 79% of people sharing passwords (often reused ones) outside their homes, the risks of identity theft are high.
Today, we’re going to show you how to share passwords securely and stop password reuse, so you’ll never again wonder if your data is truly safe.
The stakes: Why password managers matter more than ever
Why every login is under siege
Quick: What’s a type of malware designed to swipe your passwords, credit card numbers, and personal details?
If you guessed infostealers, pat yourself on the back. This malware is now the weapon of choice for scammers worldwide.
In 2024 alone, more than 4.3 million machines worldwide were infected with infostealer malware, compromising a record 3.9 billion passwords.
Alarmingly, just three strains - Lumma, StealC, and Redline - were responsible for 75% of the infections.
The biggest infostealer-based cybercrime in 2024 was the Snowflake attack. Executed by the UNC5537 threat group, it compromised 165 organizations.
This included leading brands like Advance Auto Parts, LendingTree, Mitsubishi, Progressive, State Farm, Neiman Marcus, and Ticketmaster. Many accounts didn’t have multi factor authentication enabled, so a stolen password was all it took to break in.
The Snowflake attack proved one thing: Your password is the only thing standing between scammers and your bank account.
The rise of infostealers: Your identity, their payday
Infostealers don’t discriminate. They target your loved ones, co-workers, friends, and neighbors.
They slip under your radar through harmless-looking emails or downloads, harvesting every login credential, password, and credit card number you type. The result? Your accounts drained, your identity for sale on the Dark Web, and your way of life at risk.
The scale of the threat is jaw-dropping. In Q1 2025, INTERPOL took down more than 20,000 malicious IP addresses linked to infostealers, seized 41 command-and-control servers, and arrested 32 suspects.
They also notified over 216,000 victims so they could take immediate action, such as changing passwords and freezing accounts.
In March, attackers used infostealer malware to harvest credentials from LG Electronics employees with access to Jaguar Land Rover’s Atlassian Jira server.
The result was 700 internal documents compromised, and more than 350 gigabytes of data stolen. This included proprietary source code, development logs, and employee records.
That’s just the tip of the iceberg. In Q2 2025, Europol’s European Cybercrime Centre worked with Microsoft to disrupt the notorious Lumma C2 Stealer. Microsoft identified over 394,000 infected computers worldwide and redirected over 1,300 malicious domains to its sinkholes.
“Sinkholing” is a technique security teams use to direct users away from malicious sites or malware command and control C2 servers to monitored, “dead-end” destinations.
Such efforts haven’t stopped new variants from emerging, however. According to IBM’s X-Force 2025 threat intelligence report, the new year ushered in a 180% spike in infostealer infections. And that’s not all: An 84% surge in email-delivered infostealer malware is fueling an uptick in identity based attacks.
Ultimately, your password habits don’t just protect you. They also protect everyone whose data is stored by the companies you trust.
For example, platforms like Snowflake store data for multiple organizations. If your password is compromised, attackers can access not just your information but also that of other accounts you have permission to view or edit.
That’s where a password manager comes in.
LastPass: The anatomy of a Secure by Design password manager and your secret to easy, secure password sharing
As identity based attacks multiply, a password manager is the single most effective step you can take to protect yourself.
People who use password managers are 3X less likely to experience identity theft. And those who add MFA are 99.9% less likely to have compromised accounts.
With LastPass, you get a personal digital vault designed to:
- Protect your passwords and personal data with military-grade AES-256 encryption
- Help you share passwords securely with family, friends, and team members
- Automatically fill in your login details on legitimate sites only
- Easily generate strong passwords so you’ll never have to rely on (or share) easily guessable passwords again
- Warn you about compromised passwords so you can take action to update account credentials immediately
- Safeguard your stored data with advanced MFA
- Access passwords anywhere, anytime
- Generate unique, strong passwords
- Autofill and share with one click
- Backed by expert threat intelligence
Real-world use cases: From chaos to credential security
#1 Hornsby Shire Council
Before LastPass, password reuse was a challenge for Hornsby Shire Council in Sydney, Australia. Employees were storing corporate passwords in spreadsheets and recycling weak passwords.
With LastPass, the Council was able to:
- Replace a legacy, on-prem tool for credential management with an agile and secure cloud-based password manager, accessible from any location and at any time
- Use the LastPass password generator to create strong credentials for every employee account, eliminating password fatigue (and reuse) for 500+ employees
- Safely share information across the organization while protecting access to its most sensitive data
- Gamify Security scores to maximize LastPass adoption and protect critical privileged accounts
- Offer identity security coverage to both staff and their families with LastPass Families as a Benefit
#2 Marble Box
Headquartered in Chicago, Marble Box is a trusted insurance solutions provider. It handles daily operations requirements for more than 140 independent insurance agencies, so the latter can focus on growth and the customer experience.
Before LastPass, Marble Box employees struggled to maintain secure access to credentials and meet client expectations for data security.
With LastPass, the Chicago-based provider was able to:
- Streamline password sharing for 700+ employees handling sensitive data daily
- Leverage the built-in MFA feature to further strengthen its security infrastructure and maintain compliance with regulatory requirements
Let's hear it from Marble Box’s IT Operations Manager Anil Gupta:
“Through the password sharing feature, being able to control visibility of the credentials required for access is also a key feature... Passwords remain encrypted
and hidden which means all risks are minimized...The efficiency of having any queries or cases resolved within minutes further allows us to confidently proceed with business, knowing that LastPass has our back.”
How to safely share logins with teams and families
Thanks to LastPass’ secure password sharing features, you can safely send login credentials to family and team members.
To share a password, head to your LastPass vault and search for the item you want to share. Click the people sharing icon and then enter the recipient's email address.
When finished, tap the red “Share” button. Any changes made to that shared item are synced automatically for both you and your recipient.
In the Sharing Center, you’ll see all the sites shared with others as well as sites shared with you. You can revoke password sharing for any account at any time.
If you’d like to share several items, you can create folders to share items.
- To create a folder, head to the Sharing Center (in the left-hand menu). In the Sharing Center, select the “Add shared folder” icon, enter a name for your shared folder, and then tap “Create.”
- To add items to your shared folder, right-click on any password, Secure Note, or site entry you’d like to share and select “Move to Folder.”
- Finally, you can add recipients by selecting the folder and then “Manage Recipients” in the “Actions” drop-down menu.
No matter the number of folders you have, each of your personal items will always remain accessible to you and those you trust. Ultimately, LastPass is built to adapt to your needs, providing effortless security for individuals, families, and business teams.
LastPass makes creating and storing secure passwords for all your sites across multiple devices easy. I have hundreds of passwords, and this isn't easy to do otherwise. Using the business plan, I can share sensitive passwords with members of my team. The business plan also includes a free family plan. (Verified user and G2 reviewer)
The energy and time wasted creating and remembering passwords is effectively eliminated. Sharing passwords between family members or co-workers is a breeze... no more Post-it notes or emails with sensitive information floating around. I use LastPass 20+ times a day. (Verified user and G2 reviewer)
With LastPass, info sharing is fast, seamless, and secure. To experience the peace of mind enjoyed by millions of our subscribers, get free access to LastPass Business (for organizations) or LastPass Premium (for individual users) today (no credit card required).
Subscribe for the latest from LastPass blog
By subscribing, you agree to receive marketing communications regarding industry news and research, educational resources, and LastPass products and services. The processing of your personal data in accordance with the LastPass Privacy Policy. You can unsubscribe from marketing communications at any time.
