Top Seven Reasons Why You Should Not Share Your Passwords
One of the most challenging aspects of our modern digital lives is managing all the online accounts most of us now have. Credit monitoring firm, Experian®, found that 25- to 34-year-olds register for an average of 40 accounts per email address. However, across those 40 accounts, each person was using only five different passwords.
Every time there is news of a new data breach and compromised user information, examples of this kind of poor password behavior come to light. These bad habits put your company at risk when employees bring them from home to work.
Many people use the same, easy-to-guess passwords, instead of trying to remember a different complex strong password for every account and site login. A review of five million passwords stolen in data breaches revealed that the most commonly used passwords were “123456” and “password.”
Even Facebook® CEO, Mark Zuckerberg, fell into this trap. Leaked passwords from an attack on the business-focused social media site, LinkedIn®, revealed to hackers that the billionaire protected several of his personal social media accounts with the same “dadada” password.
A survey conducted by a leading digital security firm showed that an astonishing 95% of respondents admitted to sharing as many as six passwords with other people, even though most know it’s risky. The same study found that people are more likely to share passwords for work accounts than for their personal accounts.
Employees often have seemingly good reasons for sharing passwords. Password sharing makes it easier for multiple users to access a team account. Leaving a password on a sticky note under a keyboard allows a co-worker to log in to a business account in an emergency when the owner is out of the office. Managers share passwords so they can delegate tasks. Nevertheless, however well-intended, password sharing is a substantial security threat to businesses. Researchers at Shape Security® found that:
90% of today’s enterprise login traffic comes from attackers automatically trying passwords stolen from one site in login screens at other sites in order to take over accounts.
If we haven’t convinced you yet, here are the top seven reasons why you shouldn’t share your passwords:
- Password reuse– Almost all individuals use the same password to access more than one account. By sharing reused passwords, workers increase exponentially the threat a single stolen password poses for companies. By reusing a password, a Dropbox® employee, whose LinkedIn account information was revealed in the same breach that snagged Mark Zuckerberg, allowed hackers to steal more than 60 million Dropbox customer credentials.
- Privileged credentials misuse– A company’s “superusers,” such as system administrators and developers, require high-level administrative credentials. By necessity, these privileged credentials are often used to access shared accounts. A survey by Centrify® found that almost 60% of IT professionals shared privileged account access credentials with co-workers. Technology analyst firm, Forrester®, estimates that 80% of corporate security breaches result from privileged identity compromises.
- Stored information– Many people try to make the task of memorizing multiple account usernames and passwords easier by storing the information in browsers or password managers. These tools allow accounts to automatically log us in. This seemingly safe shortcut can leave you vulnerable to a cybersecurity attack. Although it might seem like a good idea to avoid typing in individual passwords every time you access an account, even these types of applications can be compromised. Sharing a password to an account that has stored information is like unlocking the front door to your house and leaving it wide open.
- Single sign on (SSO)– Single sign on is a commonly used tool for managing access to multiple corporate applications. With one password, an employee can log in to dozens of enterprise accounts at the same time. While these tools might seem like an attractive way to ease the burden of having to memorize and enter, say, 20 different passwords each day, the common practice of password sharing creates massive security risks when they are used.
- Bring Your Own Device (BYOD)– Employees are increasingly mobile and use their personal smartphones, tablets, and laptops in addition to company-issued workstations. Companies are encouraging this trend as it leads to productivity gains. Unfortunately, any benefits realized by allowing employees to use their personal mobile devices can easily be wiped out if passwords shared with friends or family members gives unauthorized users access to your network and confidential data.
- Cloud computing– Businesses are flocking to the cloud. Cloud computing offers many advantages to enterprises, including cost savings and faster development times. However, many cloud-based applications have poor security protections. Out of 12,000 cloud services, 80% allow weak passwords. A stolen, shared password could then easily give hackers access to your organization’s most valuable data.
- Network insecurity– Increasingly, as the lines between work and home blur, employees put your information at risk when they transfer files between the company and their personal devices. A shared work password might hitch a ride home with an employee and be exposed via insecure home or public Wi-Fi network.
These seven examples cover just some of the reasons why you should not share your passwords. Password sharing makes your personal and professional data vulnerable to cybersecurity threats. Protect your organization by practicing password best practices that don’t include sharing.
One way to limit the risks of file transfer is to use MFT technology like the SolarWinds® Serv-U® Managed File Transfer (MFT) Server, which offers several security benefits that limit the risks of password sharing. MFT technology allows you to safely transfer files both internally and externally to partners. Because your data is managed within your own network and data center, it is not exposed to the cloud or other third-party applications. It prevents employees from relying on insecure personal file transfer programs. Also, Serv-U MFT Server can help you comply with industry privacy and security regulations.
Download a free 14-day trial of the SolarWinds Serv-U MFT Server today.