Regardless of whether you’re guilty of this crime, you’ll likely be surprised to find out that 34% of workers share their passwords with their colleagues, according to reports from SurveyMonkey.
That’s an astonishing number of accounts switching hands every day. Moreover, Experian found that 25- to 34-year-olds register for an average of 40 accounts per email address. Across those 40 accounts, each individual was only using five different passwords. You don’t have to be Leonhard Euler to point out that there might be some risks involved here.
But what risks are there really?
Today, we’re going through five of the risks involved in sharing your passwords with your colleagues:
1. Potential Loss of Ownership
When sharing your password with someone else, you risk granting that individual access to every account you own with the same password — and probably even those with similar passwords.
If one of these passwords is for a social media platform, an angry colleague could change your profile picture to embarrass you. If one of those passwords is for your email account, you risk even more because email plays a role Zero Trust and resetting all your other passwords.
Once a hacker gets into your email account, they can change your personally identifiable information — such as your address and phone phone number — to something of their own choosing. This not only allows them to make purchases on sites such as Amazon at your expense, it also allows Amazon to ship the purchases right to the hacker. Effectively, your password sharing has allowed someone else to claim your identity and lock you out of your own digital life. (Also read: 7 Sneaky Ways Hackers Can Get Your Facebook Password.)
2. Hacking and Phishing
When you type in your username and password on your computer at work or at home, you probably don’t look and make sure there’s nobody peeking over your shoulder. That’s because you’re likely confident about your computer’s security; Macs are inherently quite secure with their in-built anti-virus systems, while your Windows computer may be secured by Norton, Kaspersky or McAfee.
Naturally, you are going to be more cautious about the security of your own passwords. Unfortunately, your colleagues may not share the same concerns about security; there’s no guarantee that spyware running on their computers has been detected.
If your colleagues have been careless in the past, a keylogger that detects logins and passwords might be active on their computer, and if they are still careless, a phishing email with a link to a malicious webpage form could put you at even higher risk. Moreover, if your colleague’s computer isn’t protected, and your password has been stored by them on their desktop, what’s to stop someone else in the office from coming across your password? The risks are endless. (Also read: The Human Factor of Cybersecurity: What’s Putting You At Risk.)
The truth is, when you hand over your username and password to a colleague, regardless of the antivirus software you have installed on your computer, it makes you much more vulnerable to being hacked from one of your colleague’s computing devices.
3. The Butterfly Effect
According to the Verizon Data Breach Investigations Report, 81% of hacking-related company-wide breaches are due to stolen or weak passwords. The key thing to understand here is that if hackers are able to gain entry to even one point of your company’s system, it becomes much easier for them to access other parts of the network.
By sharing something as simple as the password to your email account with a colleague over text, confidential customer information can be leaked — which in turn, may lead to legal issues for your company. Indeed, if this happens, your role within the company is likely to come into question at this point.
Even if you share something as simple as the Wi-Fi password to your office with a visitor, you increase an attacker’s ability to perform man-in-the-middle attacks or even DNS hijacking later down the line. Even when the service to which you are lending access doesn’t seem very important at face-value, one must consider its true value as an entry point to the rest of the network.
4. Unwanted Privacy Breaches
Perhaps you want to allow your colleague to respond to comments on the company’s YouTube channel on your behalf. For such an endeavor, you might be tempted to give your colleague access to your own Google account.
Because services such as Google track browsing history across devices, however, your colleague would instantly have access to all the videos you have watched on YouTube, the sites you have visited, your private calendar events and perhaps even the documents, photos and videos you store on your Google Drive.
In the era of remote work, when corporate accounts are often used on mobile phones, personal laptops and home devices, not only do you risk an invasion of privacy, but at worst, you could face blackmail and even have sensitive media from your personal computing devices leaked to the web. (Also read: Cybersecurity Concerns Rise for Remote Work.)
5. Productivity Declines
If you’re more cyber-savvy than the average Joe, but your company culture requires sharing passwords every now and again for some apps, you may feel the need to check your colleague’s computer for viruses, watch over their shoulder as they use your account — or at best, face the need to change your password twice. The first time so your coworker won’t know the password you use is similar to your other account passwords — and the second time to lock your coworker out when they are done, so you regain control of the account and your identity.
The problem is that when sharing passwords becomes a common practice across the board, productivity is likely to decline because employees will need to spend valuable work time managing and protecting their passwords. Even worse, when time becomes an asset that’s continually wasted, the company’s revenue is likely to impacted in a negative way. (Also read: How Cyberattacks Affect Share Holders and Board Members.)
There is a solution to every single challenge on this list: a password manager designed to automatically manage the hassle of organizing, managing and revoking access rights. Be sure to check out Passwork, for example.
Passwork, which can be either a host-based or cloud-based password manager, allows you to store passwords in a protected vault, manage user rights, track changes, monitor security and use one-click logon.
To learn more about Passwork and request a demo version of their password manager, be sure to visit their website today.