Shared Passwords Are a Cybersecurity Risk: Here’s Why

Passwords matter. They are, in a sense, the entry point to your organization: your network, your systems, your email accounts, your data, and more. Protecting passwords is vital to the security of your organization.

We’ve talked generally about how to make your passwords more secure, so now let’s take a deep dive into the danger of shared passwords.

A significant part of password security is avoiding universal passwords. A universal password is one password used on multiple accounts, whether business or personal, and it is a significant security risk.

Beyond universal passwords, shared passwords are passwords that are shared among multiple people for the same login. For instance, an organization may have a marketing email account and share the password among the chief marketing director, marketing manager, and office manager for ease of use. While a single password and login for three individuals using the same account is simple, the security trade-off is immense.

According to a survey of 1,000 employees by Beyond Identity, 1 in 10 workers never or rarely change their passwords. Further, most workers use a single universal password across personal and work accounts. Finally, and perhaps most alarmingly, 1 in 4 employees said they can still access accounts from past jobs.

Offboarding is the due diligence performed when an employee leaves an organization. A lack of proper offboarding exposes the organization to significant cybersecurity risk. The number one risk of improper offboarding is that shared passwords are not changed.

Tips Regarding Shared Passwords: 

  1. Get rid of shared passwords ASAP! While they provide convenience, the cybersecurity risk is not worth the ease of use.
  2. Make sure employees are properly offboarded. In the case of shared passwords, this means changing those passwords so the former employee no longer has access. Additionally, remove the former employee's access to any organizational logins, networks, or platforms. All of the former employee's devices should also be returned and wiped.
  3. Require all employees to use unique passwords and multi-factor authentication. 
  4. Use a password manager with a built-in password generator when creating new passwords. We recommend Dashlane, 1Password, and LastPass.
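
The offboarding check from tip 2, sketched as an added example that is not part of the original article: given an inventory of shared logins and a list of departures, it reports which shared passwords still need changing and which individual logins are still active. The account names, people, dates, and record layout are constructed for illustration.

```python
from datetime import date

# Constructed sample data: every account, person and date here is hypothetical.
SHARED_LOGINS = [
    {"account": "marketing@example.com", "knew_password": {"dana", "lee", "sam"},
     "last_rotated": date(2024, 1, 15)},
    {"account": "social-media", "knew_password": {"lee", "pat"},
     "last_rotated": date(2024, 6, 3)},
    {"account": "billing-portal", "knew_password": {"kim", "lee"},
     "last_rotated": date(2024, 5, 31)},
]
INDIVIDUAL_LOGINS = {"dana": {"email", "vpn"}, "lee": {"crm", "email"}, "sam": set()}
DEPARTURES = {"lee": date(2024, 5, 31), "sam": date(2024, 2, 1)}


def offboarding_report(shared_logins, individual_logins, departures):
    """List the shared passwords to change and the personal logins to remove."""
    rotate = []
    for login in shared_logins:
        # A former employee still knows the password if it was last changed on
        # or before their last day. A same-day change counts as stale because
        # it may have happened before they walked out.
        exposed = sorted(
            person for person in login["knew_password"]
            if person in departures and login["last_rotated"] <= departures[person]
        )
        if exposed:
            rotate.append((login["account"], exposed))

    # Individual logins that still exist for people who have left.
    disable = [
        (person, sorted(individual_logins[person]))
        for person in sorted(departures)
        if individual_logins.get(person)
    ]
    return {"rotate": rotate, "disable": disable}


if __name__ == "__main__":
    report = offboarding_report(SHARED_LOGINS, INDIVIDUAL_LOGINS, DEPARTURES)
    for account, people in report["rotate"]:
        print(f"CHANGE PASSWORD  {account}: still known to {', '.join(people)}")
    for person, logins in report["disable"]:
        print(f"REMOVE LOGINS    {person}: {', '.join(logins)}")
```

The check is only as good as the record of who was given each shared password, which is one more reason to replace shared logins with individual ones.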

Clarity Technology Group provides managed IT services to small to medium-sized businesses in the Greater Madison, WI area.