Let’s face facts: it’s easy to forget passwords. People often use simple words, such as a pet’s name, or easy-to-remember dates such as a wedding anniversary. A hacker could try your name, children’s names, birthdates and pets’ names as passwords to get access to your computer. When they get lucky, your ID, privacy and financial security are all up for grabs.
One of the most challenging aspects of our modern digital lives is managing all the online accounts most of us now have. Credit monitoring firm Experian® found that 25- to 34-year-olds register for an average of 40 accounts per email address. However, across those 40 accounts, each person was using only five different passwords.
Every time there is news of a new data breach and compromised user information, examples of this kind of poor password behavior come to light. These bad habits put your company at risk when employees bring them from home to work.
Many people use the same easy-to-guess passwords instead of trying to remember a different, complex, strong password for every account and site login. A review of five million passwords stolen in data breaches revealed that the most commonly used passwords were “123456” and “password.”
Even Facebook® CEO Mark Zuckerberg fell into this trap. Leaked passwords from an attack on the business-focused social media site LinkedIn® revealed to hackers that the billionaire protected several of his personal social media accounts with the same “dadada” password.
A survey conducted by a leading digital security firm showed that an astonishing 95% of respondents admitted to sharing as many as six passwords with other people, even though most know it is risky. The same study found that people are more likely to share passwords for work accounts than for their personal accounts.
Employees often have seemingly good reasons for sharing passwords. Password sharing makes it easier for multiple users to access a team account. Leaving a password on a sticky note under a keyboard allows a co-worker to log in to a business account in an emergency when the owner is out of the office. Managers share passwords so they can delegate tasks. Nevertheless, however well-intended, password sharing is a substantial security threat to businesses. Researchers at Shape Security® found that:
90% of today’s enterprise login traffic comes from attackers automatically trying passwords stolen from one site in login screens at other sites in order to take over accounts.
If we haven’t convinced you yet, here are the top seven reasons why you should not share your passwords:
- Password reuse – Almost all individuals use the same password to access more than one account. By sharing reused passwords, workers exponentially increase the threat a single stolen password poses for companies. By reusing a password, a Dropbox® employee, whose LinkedIn account information was revealed in the same breach that snagged Mark Zuckerberg, allowed hackers to steal more than 60 million Dropbox customer credentials.
- Privileged credentials misuse – A company’s “superusers,” such as system administrators and developers, require high-level administrative credentials. By necessity, these privileged credentials are often used to access shared accounts. A survey by Centrify® found that almost 60% of IT professionals shared privileged account access credentials with co-workers. Technology analyst firm Forrester® estimates that 80% of corporate security breaches result from privileged identity compromises.
- Stored information – Many people try to make the task of memorizing multiple account usernames and passwords easier by storing the information in browsers or password managers. These tools allow accounts to automatically log us in. This seemingly safe shortcut can leave you vulnerable to a cybersecurity attack. Although it might seem like a good idea to avoid typing in individual passwords every time you access an account, even these types of applications can be compromised. Sharing a password to an account that has stored information is like unlocking the front door to your house and leaving it wide open.
- Single sign-on (SSO) – Single sign-on is a commonly used tool for managing access to multiple corporate applications. With one password, an employee can log in to dozens of enterprise accounts at the same time. While these tools might seem like an attractive way to ease the burden of having to memorize and enter, say, 20 different passwords each day, the common practice of password sharing creates massive security risks when they are used.
- Bring Your Own Device (BYOD) – Employees are increasingly mobile and using their personal smartphones, tablets, and laptops in addition to company-issued workstations. Companies are encouraging this trend as it leads to productivity gains. Unfortunately, any benefits realized by allowing employees to use their personal mobile devices can easily be wiped out if passwords shared with friends or family members give unauthorized users access to your network and confidential data.
- Cloud computing – Businesses are flocking to the cloud. Cloud computing offers many advantages to enterprises, including cost savings and faster development times. However, many cloud-based applications have poor security protections. Out of 12,000 cloud services, 80% allow weak passwords. A stolen, shared password could then easily give hackers access to your organization’s most valuable data.
- Network insecurity – Increasingly, as the lines between work and home blur, employees put your information at risk when they transfer files between the company and their personal devices. A shared work password might hitch a ride home with an employee and be exposed via an insecure home or public Wi-Fi network.
These seven examples cover just some of the reasons why you should not share your passwords. Password sharing makes your personal and professional data vulnerable to cybersecurity threats. Protect your organization by following password best practices that don’t include sharing.
Kenoobi Group offers a full range of cybersecurity consulting services to help you protect your systems, detect threats and respond to cyber security incidents. Drop us an email at: consulting(at)kenoobi.com