Sharing passwords is generally not advised. Yet there are a few cases where you have no other option. In this article, we will explore when to share a password and how to do it safely and securely.
There are two primary use cases for sharing passwords: long-term and ad-hoc sharing. Long-term sharing covers the cases where you need to share an account with a colleague or a friend, while ad-hoc sharing covers the cases where you need to hand out or restore an account.
Long-term password sharing usually happens between colleagues or personal friends, so a “strong relationship” is in place. This means that installing software to help with password sharing shouldn’t be an issue.
For sharing passwords long-term, the most secure way is through a password manager. A password manager will ensure safe and secure password sharing: the whole process between the two parties is end-to-end encrypted. Furthermore, password managers provide detailed access controls that enable you to control how long the password is shared and who can edit it.
Using a password manager brings further benefits to your password security. One of them is that you no longer have to remember any passwords, which means you can make them as long and as complicated as you want, raising your safety and security.
A serious consideration for password-sharing schemes at your company should be “off-boarding”, the process that takes place when an employee leaves the company. Shared passwords are particularly problematic in this case: you will have to change every shared password that the departing employee had access to.
Onboarding employees and restoring accounts are the situations where you would share passwords ad hoc. Your priority should be to use a “password reset link” or a service that allows users to set their own password. For the cases where that is not possible, read on.
For ad-hoc password sharing, we cannot assume that any kind of relationship exists. Usually, we share passwords with third parties: parties that are outside our organization, or employees who are being onboarded. This means we can’t expect them to have access to any secure service we use.
For ad-hoc password sharing with third parties, the best solution is a “Secret Sharing Service” like SROP. SROP password sharing works in three easy steps:
Opening a sensitive note produces a notification that is sent to you. That way, you can be sure about the delivery of the password. You may also add a password to the secure note, which you would share with the recipient over a different channel of communication.
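The two controls described above, a notification when the note is opened and a note password sent over a separate channel, can be modelled in a few lines. This is an added example, not SROP's code or API: `NoteStore`, the `notify` callback, the event names and the choice to notify on a failed attempt are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

class NoteStore:
    """Generic model of a notify-on-open secret note (hypothetical, not SROP's implementation)."""

    def __init__(self, notify):
        self._notes = {}
        self._notify = notify  # callback standing in for the e-mail/push sent to the sender

    @staticmethod
    def _kdf(passphrase, salt):
        # scrypt makes guessing the note password expensive for someone holding only the URL
        return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1)

    def create(self, secret, passphrase=None):
        note_id = secrets.token_urlsafe(16)  # unguessable part of the secret URL
        salt = secrets.token_bytes(16)
        check = self._kdf(passphrase, salt) if passphrase else None
        # Kept in clear only to keep the model short; a real service would encrypt at rest.
        self._notes[note_id] = {"secret": secret, "salt": salt, "check": check}
        return note_id

    def open(self, note_id, passphrase=None):
        note = self._notes.get(note_id)
        if note is None:
            return None
        when = datetime.now(timezone.utc).isoformat(timespec="seconds")
        if note["check"] is not None:
            supplied = self._kdf(passphrase or "", note["salt"])
            if not hmac.compare_digest(supplied, note["check"]):  # constant-time compare
                self._notify(note_id, "failed-open", when)  # assumption: sender sees failures too
                return None
        self._notify(note_id, "opened", when)
        return note["secret"]

def demo():
    events = []
    store = NoteStore(lambda nid, kind, when: events.append((nid, kind)))
    # Constructed sample values; the passphrase travels by a second channel (e.g. phone).
    nid = store.create("constructed-sample-password", passphrase="sent-by-phone")
    wrong = store.open(nid, "guess")          # someone who has only the URL
    right = store.open(nid, "sent-by-phone")  # intended recipient
    return wrong, right, [kind for _, kind in events]
```

An "opened" event that the recipient cannot account for, or any "failed-open" event, is the signal to rotate the shared password.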
A bad actor intercepting the secret URL is highly unlikely, but it can happen. The ad-hoc sharing mechanism helps you stay on top of the breach:
Password sharing is discouraged, but reality happens. It is advisable to have a solid process for how passwords are shared. You wouldn’t want to leave these kinds of decisions to the judgment of your employees.
SROP can help you with the sharing of passwords and sensitive notes; that’s why we built it. Let us know your thoughts and questions.