Yes, people share passwords: How can they do so safely?
May 2022 by NordPass
While password sharing is associated with the perks such as money-saving, in reality, having the password of a friend or a family member could be convenient in other instances. For example, when jointly managing a family bank account, accessing children’s learning platforms, or even removing the digital presence of the deceased. People share passwords for many reasons but without knowing how to do it safely, says NordPass experts.
According to NordPass research, a single person has around 80-100 passwords to remember and thus often ends up using the easiest option when creating passwords. For years, people have continued using the same insecure variations of numbers and letters — NordPass data from 2021 revealed that the world‘s most famous passwords remain “123456,” “123456789,” and “qwerty.” According to Chad Hammond, a security expert at NordPass, this password fatigue is relevant in terms of credentials creation as well as sharing. “People tend to go for the most convenience with their passwords wherever possible, underestimating the risks involved. To illustrate, I’ll use a likely situation: a person chooses an easy password, reuses it for another platform, then shares the password with a friend. The friend passes it to their colleague, and then voilà — the password you use for various accounts is in the hands of a third party,” says Hammond.
To avoid such situations, easy tips to follow to ensure a secure password transfer include:
1. Do not trust your kid
Pickiness is forgivable and encouraged when it comes to choosing whom to share personal passwords with. As Hammond says, human mistakes are among the most common causes of data breaches. Therefore, it makes sense to re-evaluate who has access to your passwords and then change those if needed.
While a partner, best friend, or close family member might be considered trustworthy, children should be left off this list. According to research conducted by the US National Institute of Standards and Technology (NIST), kids demonstrate poor password habits — they tend to reuse credentials and share them with their friends.
2. Never use the same password
Children are not the only people failing basic password hygiene. Having dozens of passwords to remember, password reuse is also rampant among adults. A 2019 Google security survey revealed that 52% of US citizens use the same password for multiple accounts, and 13% admit to having a single password to secure all of their accounts.
In terms of password sharing, this trend may have some serious consequences. For example, by granting a friend access to a photo editing tool, a person risks giving away the privacy of many other accounts with the same password.
3. Use only secured networks
Based on European Union Agency for Law Enforcement Cooperation (Europol) recommendations, it is safest to assume no public Wi-Fi is secure, especially at airports. While data exchange may seem a better deal than being charged additionally for a cellular connection, the opportunity to get free Wi-Fi does not outweigh its risks.
Most public networks lack even basic network security measures, and it also requires only a little technical experience for attackers to set up a wireless hotspot themselves and get people to join it. From there, criminals look for data they can monetize. Thus, their priority targets are the passwords of online banking accounts, crypto wallets, and other sensitive data helping them commit identity fraud. Passwords shared connected to this network are likely to get into the wrong hands.
4. Deploy a password manager
Many password managers allow you to store passwords end-to-end encrypted as well as share them securely with a close circle in a family plan subscription. Equipped with security features, this tool also helps generate new unique passwords upon demand. This is especially handy when you are faced with a risk that data could have been compromised.
“Technologies advance, and the security of most password managers available in the market has repeatedly been validated. To date, this solution is considered one of the safest options for password sharing and works best if used following other key password-sharing recommendations, such as relying on secured networks and carefully choosing trustees,” says Hammond.
5. Double-check your apps
Since people continue using different communication apps for password sharing, it is essential to check how secure they are. End-to-end encryption, which many platforms lack, is among the main criteria to evaluate if channels used for credentials transfer ensure at least minimum security requirements. NordPass also recommends downloading apps only from official sources (i.e., App Store, Play Store) and changing app permissions on devices, which may help prevent unwanted data transfer.