How To Share a Password Securely

When it comes to login credentials, the standard advice is to never share your password with anyone. But what if your job requires you to share passwords occasionally?

IT professionals and security managers routinely face situations where they must share passwords. Servers, databases, and cloud apps may have only one administrative login. Or they may have to provide a new employee with their username and password. You might have to share your social media logins with multiple groups if you run a small to midsize business.

Although it's best not to share credentials, it's sometimes necessary. Regardless of why you might have to share passwords, it can be dangerous. If you have to do it, it's best to learn how to share a password securely.

Insecure password sharing is inherently dangerous because of the link between stolen credentials and data breaches. 

Industry reports say that compromised passwords are responsible for almost half of all data breaches. [1] Since a single breach does nearly $9.5 million worth of damage, insecure password sharing can have disastrous results. [2]

Unfortunately, many companies have seen first-hand what can happen when passwords fall into the wrong hands. A GetApp survey* found that 29% of employees have experienced an account takeover from a stolen username and password in the last 12 months. That's often the result of weak passwords or authentication methods.

Compromised credentials are often the result of simple mistakes when sharing passwords. Employees may write down passwords on a sticky note and then leave it in plain sight. In those cases, password theft is just a matter of glancing at that employee's desk.

Other common mistakes people make when sharing passwords include:

• Sending passwords via email: Email messages contain unencrypted text, potentially exposing credentials to prying eyes.

• Sharing via text message: Standard SMS messages can be intercepted by bad actors, exposing passwords as unencrypted text.

• Messaging in collaboration apps: In the age of remote work, businesses rely on collaboration apps. However, messages may be stored unencrypted, leaving passwords vulnerable.

• Unsecured Wi-Fi networks: Public Wi-Fi hotspots in airports, coffee shops, and hotels are often wide open and unsecured. This leaves all traffic on the network visible to network snoops.

• Reusing passwords: In our survey, 59% of respondents reported using the same password for multiple accounts, meaning a single stolen password can access many different systems.

Applications known as password managers are the best way to share a password securely. 

The primary purpose of these apps is to provide a central repository for an individual to store all their passwords. Password managers generate secure login credentials, store them, and then automatically fill in usernames and passwords when needed. Many also offer a secure password-sharing feature, where encrypted credentials can be sent to and opened by another user.

Sometimes known as "password vaults," password manager apps are quickly becoming a favorite of IT departments and security professionals. In our survey, 52% of respondents listed password managers among the security tools used by their organization.

Another way to send passwords securely is through messaging apps with end-to-end encryption. This class of collaboration tools addresses the primary weakness of other messaging platforms by encrypting stored text. Even in the case of a breach, all message text is scrambled, effectively securing messages with shared passwords.

If you must share a password without secure tools, verbal communication can be a safe method. As long as you are out of earshot of others, telling a colleague a password in person or over the phone is generally safe. It may not be 100% secure, but it's usually safer than sharing passwords over email or unencrypted messages.

If you regularly need to share passwords in personal and business contexts, look for a password manager with "enterprise" and "personal" editions.

The enterprise edition will typically offer more features, such as stronger encryption levels, integration with business applications, and support for multiple users. The personal version may offer the most basic features: generating, storing, and retrieving passwords. However, it can exchange passwords with the enterprise edition, providing a personal and business use solution.

To secure password sharing as much as possible, follow these best practices:

The best way to avoid password sharing is for all members of your IT and security teams to have their own accounts. That way, everyone needing access to a server or a database can use their password.

There are also alternatives to password authentication, including:

• Secure tokens: These small devices authenticate users in place of a password.

• Biometric authentication: Using fingerprint scans, facial recognition, or retinal scans, these tools validate a user's identity to grant access.

• Single sign-on: Also known as SSO, this authentication scheme grants a user or device access to a list of specified resources after a single login.

• Passkey authentication: Passkeys are similar to passwords but are generated by a centralized system as needed for temporary access.

Information security is constantly evolving, often in response to new threats. Following security news sites or blogs is an excellent way to stay updated on the latest trends and approaches to secure password sharing.

Continued training for IT and security staff is also essential. These teams can also attend security-focused conferences. Sessions at these conferences and networking with colleagues help keep your organization at the forefront of IT security.

Although password sharing is a risk to your organization, it's often necessary. However, you can draft a secure password-sharing policy that keeps your organization safe by acknowledging that it must happen occasionally. 

While you're at it, take the time to develop a comprehensive password security policy. [3] Making secure passwords a priority now can save you headaches, hassle, and loss in the future.