How to Share Passwords Securely with Your Colleagues in the Office

Sharing Passwords Securely

A wise person once said that passwords should be like underwear. You shouldn't leave them exposed, you should change them frequently, and last but not least, you should never share them with anybody. Most of you probably know that, in the corporate environment, following the part about never sharing passwords isn't always possible.

In an ideal world, your workplace has a well-thought-out IT infrastructure, where employees have accounts with a need-to-know level of access that lets them do their job. In a not-quite-ideal world, password sharing is a necessity, but there's a very clear list of dos and don'ts, and everyone is aware of the repercussions associated with not following it.

In the real world, things are much worse. Employees often find themselves unable to do basic things without sharing passwords, and they give little thought to what could happen if they misplace credentials that unlock critical corporate infrastructure.

Sharing passwords is a challenge because they must remain secure. At the same time, workers need to have easy access to the data, and their productivity shouldn't suffer. How does it all work? There are a few options which we'll now discuss.

Let's get everyone to remember all the passwords

It's the most obvious way to go, and under a very specific set of circumstances, it might just work. If there's only one password that needs to be shared, in all likelihood, you'll be fine. If two passwords need to be shared, you might face a few issues. If multiple people need to use multiple different passwords, however, then this option is going to fail catastrophically.

The key here is that corporate passwords must be strong, and remembering multiple strong passwords is nearly impossible. If the passwords are weak, the way they're shared is the lesser problem.

The controversial sticky note method

In January, employees of Hawaii's Emergency Management Agency were blasted after one of them clicked the wrong button and sent out a false ballistic missile alert that caused quite a lot of panic. Several days later, they were blasted again when observant Twitter users dug out a relatively old photo that showed a Post-It note with a password stuck to a monitor in the agency's office.

They're not the first ones that have done this, and they probably won't be the last, but in the wake of the ballistic missile alert blunder, the criticism was especially fierce. In light of the fact that the exposed password was "Warningpoint2," they deserve some of it.

Here's a somewhat unpopular opinion, though. If common sense is applied, this type of password sharing technique might just work in some offices. Obviously, the risk assessment needs to be thorough. If a camera crew is about to visit, for example, it's best to hide the sticky notes while they're there. If many outside people frequent the office, the pen-and-paper option should be ditched. If, however, you are absolutely sure that your physical security is good enough, then you can put the password on a piece of paper and pin it on a cork board. Just make sure it's stronger than "Warningpoint2."

Encryption: The 21st-century approach

Using a pen and a piece of paper sounds positively medieval nowadays, but as we discussed yesterday, some of the digital password storage alternatives come with their own set of problems that can hamper people's productivity at the place where it matters the most – the office. Fortunately, dedicated password management tools like our very own Cyclonis Password Manager are available, and they can not only iron out the usability issues but also make password storage much more secure.

With Cyclonis Password Manager, every user gets an encrypted vault which can host both their own passwords and the ones they share with their co-workers. Every employee has a master password which they choose on their own, and it's the only way to access the data.

While the other options might just work, they are very much dependent on the amount of information that needs to be shared as well as on the threat model. Cyclonis Password Manager's functionality means that these factors play a much less significant role. And thanks to the intuitive interface, users will get used to it fairly quickly.

People make mistakes when they share passwords because they're not fully aware of the risks. If both employees and employers assess the dangers, they should have no issues quickly finding the best password sharing technique for their organization.

June 20, 2018