Stay Secure by Avoiding 7 Common Password Sharing Mistakes
Sharing credentials with people you trust might seem harmless, but it can introduce security risks and vulnerabilities. Let’s take a closer look at mistakes to avoid, along with best practices for secure password sharing.
Passwords for streaming services (like Hulu), retail accounts (like Amazon), as well as WiFi networks and workplace digital tools (like the company Twitter account), are commonly shared with friends, family members, or coworkers. Password sharing is almost unavoidable for many of these accounts since establishing individual accounts and passwords for each user can be impractical or unaffordable. However, just because it’s common practice doesn’t mean it’s safe. To minimize your risk, you need to learn how to share passwords securely.
Want to learn more about using Dashlane Password Manager at home or at work?
What to do when sharing passwords
Before you can securely share passwords, you need to shore up your own password hygiene. That means establishing and maintaining good cybersecurity habits to avoid hacking, data breaches, and password theft—all things that can be accelerated by password sharing. Strong password practices include:
- Creating strong passwords: A strong password includes at least 12 characters and a random mix of uppercase letters, lowercase letters, numbers, and special characters. A secure password leaves out sequential strings like 12345 and phrases like names or addresses that can be linked to your identity. If you share weak passwords, you’re exposing everyone you’ve shared the password with to hacking tactics like brute-force attacks and dictionary attacks that prey on weak and commonly used passwords.
- Creating a unique password for each account: With so many accounts and passwords to manage, reusing passwords is an easy habit to fall into. Like password sharing, password reuse magnifies your vulnerability. If a repeated password is ever lost or stolen, the same credentials can be used to breach multiple accounts. Dashlane’s Password Health tool helps you eliminate password reuse by providing up-to-date lists of your weak, compromised, and reused passwords.
- Following your workplace password policy: Establishing password sharing rules for the workplace is one of the most important functions of a company password policy. These policies help to build a culture of security to reinforce positive password habits. They can also be used to educate employees on the dangers of password sharing when employees (or ex-employees) share passwords insecurely without notifying the IT team.
- Setting up 2-factor authentication: 2-factor authentication (2FA) uses a second credential, like a push notification sent through an app or text, to confirm user identity. This might add a few seconds to your login time, but it also makes it nearly impossible for an intruder to access your accounts without having your device in their possession.
- Changing passwords after a data breach: Some companies continue to impose outdated edicts like 30/60/90-day intervals for password resets. Requirements for frequent password changes can actually lead to less secure passwords when people make simple changes, such as adding a number or symbol at the end. However, you should always change your password immediately if you think or know it’s been impacted by a data breach, and tell anyone you’ve shared with to do the same.
- Using a password manager: As you learn how to securely share passwords, a password manager makes it easier to create and autofill strong passwords automatically and store them in an encrypted vault. Features like 2FA, a Password Health score, and a secure, encrypted password-sharing portal can help you improve your password hygiene to minimize the risks associated with password sharing.
What not to do when sharing passwords
Password sharing risks can be reduced by avoiding a few common mistakes and unsafe practices. To carry out secure password sharing, make sure you don’t:
- Write them down in plain sight: Remote working and increasingly long password lists have contributed to careless password management habits like writing them down in a notebook or on sticky notes. This allows old-fashioned password theft strategies like shoulder surfing to remain effective in the digital age.
- Share through email: Is email a secure way to share passwords? No, the wealth of confidential information shared over email makes these accounts a prime target for hackers and scammers who use methods like phishing attacks to steal passwords. If you share a password over email, the unencrypted credentials will be easily discoverable in the case of a breach.
- Share through text message: Over 270,000 text messages are sent each second globally, but they’re not the best way to share passwords. Much like email messages, text messages are stored indefinitely in an unencrypted format, and many people save texts that include passwords for future reference. Sharing passwords through text also leaves them exposed if your cell phone is lost or stolen.
- Share using Slack: Businesses of all types are using online communication platforms like Slack to collaborate and share information in real time. Some people may think these forums are also safe for password sharing, but that isn’t the case. Sharing passwords through Slack is risky since, like text messages, the unencrypted messages are stored indefinitely. In addition, large user groups might have access to Slack channels, which increases the risk of passwords falling into the wrong hands.
- Send over an unsecured WiFi network: Public WiFi networks in places like airports, cafés, and hotels are susceptible to data intercept tactics like WiFi network spoofing. Be careful with what information you share using public WiFI, and use a VPN whenever possible. A VPN reduces the risk of data intercepts by encrypting all data going into or out of your device and routing it through a secure portal.
- Save in an unencrypted shared file: Businesses and nonprofit organizations like VillageReach have learned firsthand that password-sharing portals are not secure unless they include encryption and adequate access controls. Open access password vaults allow users to change stored passwords that may be used by others or copy and paste them into unprotected browser password managers.
- Lose track of who has what password: Uncontrolled password sharing can make it difficult to remember who you’ve shared passwords with and whether their information is up to date. This can create a minor inconvenience for friends and family members when streaming or WiFi passwords are changed but poses a more serious security risk for businesses when employees leave the organization in possession of active company account credentials.
Password sharing FAQs
Do you have additional questions about shared account password management and how to safely share passwords? This important cybersecurity issue has been the subject of several frequently asked questions:
- What are the security risks of shared passwords?
Increased security risks from hacking and data breaches can ultimately lead to lost data, money, or privacy for multiple users. Shared passwords also increase the risk of account lockouts when the passwords are updated. Traceability for important transactions is also diminished when multiple users share account or system credentials.
- Are shared passwords more easily hacked?
Yes. Shared passwords are more easily hacked, especially when weak passwords are used for convenience or 2FA is not deployed. The act of sharing introduces opportunities for scams and hacking if a secure, encrypted portal is not used. Insecure sharing methods also increase vulnerability to physical password theft and data breaches.
- Which password types are most frequently shared?
The most commonly shared password types are easy to guess, since many of us have shared them ourselves. Subscription (Amazon, Hulu), WiFi, and financial accounts top the list at home, while social media, credit card, and business application passwords are commonly shared in the workplace.
- How common is password sharing?
A recent study showed that 79% of Americans share their passwords. This isn’t surprising given the prevailing opinion that password sharing is unavoidable. More unexpected is the fact that only 7% of these same respondents were worried about hacking. This discrepancy suggests a lack of awareness surrounding password sharing risks.
- How does a password manager make password sharing more secure?
A password manager makes password sharing more secure by generating strong, random passwords and providing secure vaults for password storage and sharing, so your data is safely encrypted and protected. Additional features, including 2FA, a VPN, and a Password Health score, protect you from external attacks while improving password hygiene and productivity.
Dashlane also includes Dark Web Monitoring to scan the depths of the internet for your credentials and alert you if they’re detected. Dashlane’s encrypted sharing portal utilizes patented zero-knowledge architecture to ensure no one (including Dashlane) has access to your unencrypted passwords and private messages. You can share passwords with other Dashlane users through the secure, encrypted portal and avoid unsafe password sharing habits.
- Dashlane, “7 Password Hygiene Best Practices to Follow,” February 2023.
- Dashlane, “10 Bad Password Examples: Avoid These Common Mistakes,” March 2023.
- Dashlane, “How Password Reuse Leads to Cybersecurity Vulnerabilities,” May 2023.
- Dashlane, “Understanding Your Dashlane Password Health Score,” October 2020.
- Dashlane, “Creating a Password Policy Your Employees Will Actually Follow,” July 2022.
- Microsoft, “What is two-factor authentication,” 2023.
- Dashlane, “Always Change Your Passwords After a Breach,” March 2020.
- Dashlane, “Build the Case for a Password Manager in 8 Steps,” 2023.
- Experian, “What is Shoulder Surfing?” October 2020.
- Dashlane, “What To Do If a Scammer Has Access To Your Email Address,” April 2023.
- True List, “Texting Statistics – 2023,” February 2023.
- Dashlane, “Sharing Passwords Through Slack Is Risky,” November 2019.
- NIST, “Man-in-the middle attack (MITM),” 2023.
- Dashlane, “Why Do You Need a VPN? Don’t Miss These 3 Key Benefits,” August 2020.
- Dashlane, “Case Study: How VillageReach eliminated hundreds of reused passwords within a global workspace,” February 2022.
- Dashlane, “Best Way to Store Passwords at Home or Work,” September 2022.
- Dashlane, “What Is Password Sharing & When Should I Use It,” February 2023.
- The Zebra, “79% of Americans Share Passwords, But Only 13% Are Worried About Identity Theft,” January 2023.
- Dashlane, “Putting Security First: How Dashlane Protects Your Data,” January 2023.
- Dashlane, “Dark Web Monitoring: Your Employees Are Likely Using Compromised Passwords,” July 2022.
- Dashlane, “7 Dangers of Sharing Passwords Without a Password Manager,” March 2023.
- Dashlane, “Share your saved items in Dashlane,” 2023.
Thanks! You're subscribed. Be on the lookout for updates straight to your inbox.