A message via a messenger service or an email to a colleague may be the quickest way to share passwords. But it is an insecure and risky path that puts the entire organization at high risk from cyber attacks.
Many businesses, especially those involved in tech and digital, require ongoing communication and online file sharing. Therefore, sharing accounts is often required in a collaborative work environment. This means that employees must find an easy way to share access and passwords with each other - if possible without the risk of exposing the company to a cyber attack.
The secure way to exchange passwords
Im Cyber Security Census Report 2022 Keeper Security found out that only 13 percent of the companies surveyed in Germany are well equipped with an identity control system. 56 percent give their employees at least some instructions and 31 percent leave identity control, including handling passwords, to their employees. Either not everyone seems to be aware of the risk or it is accepted.
The safest way to store and share passwords is with a password manager on a password-protected device. Password managers often offer multiple layers of encryption, making it virtually impossible for cyber attackers to find what they are looking for in a readable manner. With zero-knowledge encryption, nobody but the user can see the data - not even the provider of the password manager and not even an attacker.
Some password management tools, especially for corporate use, offer secure sharing features. These make it easy to give employees shared access without revealing username and password details. Multi-factor authentication (2FA/MFA), which can be enforced at role level, is also desirable for password managers. In general, it is recommended to enable 2FA/MFA on all platforms to improve the security posture of the organization and teams.
Risky methods for passwords
Password sharing is common among internet users both inside and outside of the workplace. A poll by The Zebra, NBC News, and the Pew Research Center found that 79 percent of users admitted to sharing passwords with someone outside of their home.
Organizations that don't use a password manager may be using insecure methods of storing and sharing passwords. This can lead to financial losses and an increased risk of a cyber attack. In the Cybersecurity Census Report 2022, the impact of a cyber attack in Germany was between 10.000 and 49.999 euros.
The riskiest methods of password disclosure
Users who do not use the functions of a good password manager use many different methods to exchange secret access data with each other. Under these circumstances, a company cannot guarantee that only those who are authorized to access passwords will have access to it, and there is hardly any security that the secret access data will not fall into the hands of unauthorized third parties. Six of the most popular and risky methods are:
Distribution via online documents
In the 2021 Keeper Workplace Password Malpractice Report, 49 percent of respondents confirmed storing work-related passwords in a cloud document. 51 percent store passwords in a document on their computer and 55 percent store work-related passwords on their mobile phones.
emails with passwords
Email is one of the most popular forms of communication in the workplace. They are usually sent in plain text and without encryption. If an email inbox is compromised, unauthorized persons have full access to passwords sent via email.
Text messages/SMS with passwords
Similar to email services, there is no security in text messaging. The text message is readable by anyone who can intercept it.
Passwords via online messenger
WhatsApp, Slack, and Microsoft Teams are popular tools for communication between employees for quick project updates or casual conversations. Although many of these cloud services are encrypted, the applications on the devices usually remain open or run in the background.
Physical Documents
Writing down passwords in a notebook or on a piece of paper can deter cybercriminals from accessing login credentials. However, the access data can easily be stolen by an unauthorized person in the offline world.
Verbal sharing of passwords
Even if a face-to-face conversation with a colleague eliminates the classic paper and online danger, it harbors risks because the login data can be spoken out loud and thus overheard.
More at KeeperSecurity.com[Keeper]