7 Dangers of Sharing Passwords Without a Password Manager
| Dashlane
Password sharing is a common and unavoidable practice in our digital world that can make you vulnerable to hacking and data breaches. Fortunately, a password manager provides a secure and convenient way to share private information while mitigating the dangers of sharing passwords.
What is password sharing?
Password sharing means giving your login credentials to others so they can access the same accounts, services, or apps you’re using. This can be done in many different ways and a variety of settings, including:
- Sharing retail and subscription accounts: Logins are often shared by members of a household to access entertainment services. This added convenience can come at the expense of security since private account information and banking details can be exposed if any of the shared users are impacted by a data breach. As the list of subscriptions grows (Netflix, Hulu, HBO, Disney+, Amazon Prime, and so on), account sharing with your loved ones can be made safer when you don’t reuse passwords from other shared or previously opened accounts.
- Sharing business accounts: Company policies often provide guidance that helps workers keep their data and accounts secure. Unfortunately, this doesn’t eliminate unsafe password-sharing practices in the workplace that include shared spreadsheets, sticky notes on workstations, or messaging platforms that multiple employees can view. Workplace password protection strategies specifically designed for account sharing can help minimize these outdated habits.
- Sending passwords over email, text, or Slack: Sharing passwords through emails and texts has also become a common practice, since mobile devices allow us to retrieve information from our phones, wherever we are. It’s not wise to share your passwords using these methods since these messages can be stored indefinitely and aren’t protected by encryption. Likewise, communication platforms like Slack and WhatsApp can become hacking targets as unprotected forums that are frequently used to share private information.
- Sending one-time passwords (OTPs) and confirmation codes: 2-factor authentication (2FA) uses a second credential, like a code sent through a text or app, to further verify user identity. During the password retrieval process, one-time passwords (OTPs) are sometimes sent to allow temporary access. Our mobile devices allow us to circumvent these security measures by instantly sending confirmation codes and one-time passwords to trusted others who are requesting access to our accounts.
- Safe and encrypted password sharing: The only safe way to share passwords with friends, family members, or coworkers is by using a password manager with a secure sharing portal to share encrypted passwords, notes, and private messages. The zero-knowledge architecture used by the best password management solutions ensures that no one can ever access your shared complex passwords, messages, or account information without your permission.
Want to learn more about using a password manager on your own or with friends and family?
Check out our Friends and Family plan or try the Dashlane Password Manager for free.
The 7 dangers of sharing your passwords unsecurely
- Risk of hacking: Many hacking tactics rely on poor password strength and storage habits. Password sharing can expose logins in several locations at once, making you more vulnerable to hacking tactics such as:
- Phishing: In this type of attack, hackers pose as reputable companies, individuals, and sometimes even coworkers or executives at your company and send emails intended to trick you into clicking on malicious links or providing private information like your passwords or credit card numbers. Our willingness to share passwords over email is something social engineers count on to pull off successful phishing expeditions. Phishing emails can sometimes be difficult to detect, so it‘s best to contact companies directly to verify whether the ‘phishy’ messages you receive are legit.
- Brute-force attacks: If you’ve ever entered your password incorrectly, then tried to log in with multiple variations of that same password in the hopes of guessing the right one, then you understand the basic premise behind a brute-force attack. Hackers deploy this trial-and-error strategy with extra help from software designed to test combinations as quickly as possible. Commonly used and simple passwords make us more susceptible to brute-force attacks since the computer algorithms hackers use can easily guess them. Shared passwords jeopardize multiple users if a brute-force attack is successful.
- Credential stuffing: This strategy is similar to the trial-and-error approach used in a brute force attack, only instead of randomly generating login credentials, hackers buy real credentials on the dark web, then use software to plug this information into multiple sites at once. Since it can be hard to keep track of shared passwords, they’re more likely to be breached without your knowledge and end up on the dark web. Credential stuffing led to around half a million compromised accounts on Zoom at the height of the pandemic.
- Malware: Malware is a catch-all term for any malicious software downloaded onto a device. Some malware types deploy keylogging or activity monitors to capture valuable information, including passwords, and some can make your device completely unusable until a cryptocurrency ransom is paid. If one device with access to a shared account is compromised by malware, all other account users should be notified.
- Employees leaving (with passwords): The risks from sharing passwords at work multiply whenever an employee leaves the company. Even though managers or IT teams typically terminate network access at the end of employment, the departing employee could still retain shared credentials. In rare cases, disgruntled employees may even sell credentials to outsiders after leaving the company. Intentional or not, confidential information can easily leave companies along with departing employees if not secured properly.
- Harder to track actions on shared accounts: Shared accounts not only add risk but also hinder the convenience they are supposed to provide. For example, sharing passwords at work makes it difficult to track individual actions since they all appear to originate from the same account. This might include contributions to a project, accounting transactions, or emails sent from shared accounts. At home, this could also lead to confusion over in-app purchases, online shopping, or movie rentals.
- Passwords intercepted on communication platforms: Communication platforms like Slack may seem safe enough but don’t include the security features needed to safeguard data, like encryption or multifactor authentication. If a hacker infiltrates a communication channel containing credential information, all users associated with that account need to reset their passwords immediately.
- Illicit users gaining access to other accounts: Even if you don’t share passwords, reusing passwords amplifies your level of exposure during a data breach since multiple accounts can be impacted if even one password is stolen. This risk factor is accentuated even further when passwords are both shared and reused, with a single password exposing a large number of devices, accounts, and users all at once.
- Passwords in vaults not being adequately managed or controlled: Secure vaults are the preferred method for password sharing, but not all vaults offer the same level of protection and security. For example, non-profit organization VillageReach experienced how these vaults could be misused. When their original repository of shared passwords ended up being copied and pasted into unsecure browser password managers by workers, the liabilities began to outweigh the convenience. VillageReach resolved this issue by adopting Dashlane’s password manager to safely create, store, and autofill encrypted passwords and set up a more secure password-sharing vault.
- Losing access when passwords are changed: When we share passwords manually, it can become difficult to remember what passwords we shared with whom. If the primary account holder resets a shared password, everyone the password was shared with will lose access if they aren’t notified. This is particularly annoying for shared workplace applications when productivity is of the essence. The best secure-sharing portals included with a password manager track shared logins so that updates can be synced automatically.
What is secure sharing with a password manager?
Password managers automatically generate strong and secure passwords, store them safely in secure cloud locations, then provide convenient, user-friendly autofill to retrieve account and user logins effortlessly. The best password managers also include features and functionality like encryption, 2FA, and password health scores to provide a comprehensive cybersecurity solution.
Secure sharing is another important feature that leverages the password manager’s built-in encryption and secure storage benefits to make password sharing as safe and convenient as possible. A secure sharing portal can eliminate the need to share passwords using sticky notes, emails, or communication platforms intended for other purposes.
How password managers secure shared accounts
Dashlane’s secure-sharing portal allows you to send logins, Secure Notes, and payment information to other Dashlane users, even if they’re outside your Friends & Family plan. Permission rights can be customized, allowing the recipients to see, use, or edit shared information. An email message and an alert in the notification center will automatically appear when an item is shared. This useful feature complements 2FA, zero-knowledge architecture, Password Health scores, and Dark Web Monitoring as part of a complete cybersecurity tool kit.
Secure password sharing is an essential consideration for your personal and workplace cybersecurity, but even more important are the passwords themselves.
Learn why you need to have secure passwords and how easy it can be to create and manage them.
References
- Dashlane, “5 Things to Know Before Sharing Passwords With Your Partner,” February 2021.
- Dashlane, “How to Stop Reusing Passwords for Good,” January 2020.
- Dashlane, “How to Manage Passwords at a Business Level,” September 2022.
- Dashlane, “A Beginner’s Guide to Two-Factor Authentication,” August 2022.
- Dashlane, “Share your saved items in Dashlane,” 2023.
- Dashlane, “A Deep Dive into Dashlane’s Zero-Knowledge Security,” August 2022.
- Dashlane, “What the Hack is Phishing?” March 2020.
- Dashlane, “What the Hack is a Brute-Force Attack?” February 2020.
- Dashlane, “10 Most Common Passwords (Is Yours on the List?)” September 2022.
- Dashlane, “What is Credential Stuffing?” September 2020.
- CPO Magazine, “Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web,” April 2020.
- Dashlane, “What the Hack is Malware?” February 2020.
- Dashlane, “Sharing Passwords Through Slack is Risky,” November 2019.
- Consumer Reports, “What to Do After a Data Breach,” April 2021.
- Dashlane, “Case Study: How VillageReach eliminated hundreds of reused passwords within a global workspace,” February 2022.
- Dashlane, “Why Employees Shouldn’t Let Browsers Save Their Passwords,” March 2021.
- Dashlane, “Pitch a Password Manager to Your Boss in 8 Easy Steps,” November 2020.
- Dashlane, “Best Way to Store Passwords at Home or Work,” September 2022.
- Dashlane, “How Strong Is Your Password & Should You Change It?” August 2022.
- Dashlane, “Understanding Your Dashlane Password Health Score,” October 2020.
- Dashlane, “Dark Web Monitoring: Your Employees Are Likely Using Compromised Passwords,” July 2022.
- Dashlane, “Why You Need to Have Secure Passwords in 2023,” February 2023.
- Dashlane, “Creating a Password Policy Your Employees Will Actually Follow,” July 2022.
- Dashlane, “Sharing Passwords Through Slack Is Risky,” November 2019.
- Dashlane, “How RevGenius reduced offboarding risk with Dashlane’s human-centric UX,” January 2023.
Sign up to receive news and updates about Dashlane
Thanks! You're subscribed. Be on the lookout for updates straight to your inbox.
