You’re in a hurry, out of the office, or collaborating on a project with a colleague. In many cases, the idea of sharing your credentials for a computer or account doesn’t seem that big of a deal. It’s the easiest way to provide access to your account when someone needs to see your data. A recent survey by SurveyMonkey found that an astonishing 34% of respondents said they share passwords or accounts with their colleagues. If the other person has the same level of access as you, it doesn’t seem harmful to let them use your account. However, there are several reasons why sharing credentials put yourself and your organization at tremendous risk.
You may have impeccable password security habits, using a password manager to keep track of the passwords you have randomly generated for each of your accounts. The risk to your organization of your password being compromised is low. If you share your password with someone else, there is no guarantee that person can keep it safe. By sharing your password, you lose control of how it is stored. Maybe your colleague writes it down and leaves it next to their desk, or they store it on a compromised device. It’s likely the person you have trusted with your password doesn’t mean to compromise your account. Still, they may not have considered the wider implications of the account getting compromised, and as a result, not taken the necessary steps to secure it.
In addition to improper storage of passwords, it also becomes increasingly hard to establish who is doing what when you share credentials — cybersecurity teams audit important and anomalous activity on systems. Under normal circumstances, if an individual alters sensitive company data or falls foul of a phishing attack, the cyber team can identify the user through their account credentials and take steps to rectify the problem. However, if many people all share a common login, the process of attributing activity becomes unnecessarily complicated. In most cases, time is of the essence when determining the cause and scope of a cyber incident. By complicating this process, you increase the risk to the organization.