Enterprise IT security news and advice

Sharing Passwords Securely

Over the past year, with the onset of the COVID-19 pandemic and the increase in remote working by employees, the need to safely and securely work and collaborate from a distance has been crucial for most large organizations.

While many companies allow some employees to work remotely for at least some of the week, few would have thought that there would be a need to adopt remote working organization-wide. Making that change quickly has been a major challenge for businesses. With employees working remotely it has been much harder to implement appropriate security controls, and vulnerabilities have been introduced as a result. Cyber threat actors have increased their attacks on businesses during the pandemic and it is often employees that are targeted. Phishing attacks attempting to steal passwords or distribute malware have been rife, and brute force attacks exploiting weak passwords have been all too common during the pandemic.

Password security has become even more important with remote working and the rise in cyberattacks. The safest way to allow teams access to different platforms, software and databases, and to share passwords securely is to use a password management solution. These solutions come with a range of different features to facilitate secure password sharing and they will ensure that your teams’ passwords remain safe and secure. These solutions can also help to improve productivity.

Some of the most important features to look for in a password manager have been listed below:

  • Hiding passwords: Preventing the user from seeing or editing passwords. This feature prevents passwords from being seen by unauthorized individuals when working remotely.
  • Password generator: Strong, unique, random passwords will be suggested for each account. These password generators can be configured to generate passwords of the required level of complexity to match your password policies. 
  • Options for individual and group sharing: You will require a solution that is both scalable and secure. There should be functionality that allows individual members of staff to share passwords with each other or, alternatively, with an entire team or within the organization.
  • Allowing the sharing of one or more passwords: It is important to have the power to share group passwords either one at a time or all together to allow for easier authorized access. Using a folder is a convenient way of doing this. Access can then be allocated to one or more people.
  • Shared passwords controlled by administrators: There should be a control mechanism to allow admins/managers to see who has access to passwords.

Password Sharing: What not to do!

Never:

  • Email a password to anyone else. Even with encryption in place this is not advisable.
  • Send a password via text message (SMS). There is rarely encryption for this mode of communication and text messages can be intercepted and can reman on the carrier’s servers indefinitely where they could easily be accessed.
  • Share a password using Notes Apps. Once again, like SMS and email, there is rarely encryption in place on these messages. It is not a safe platform and should not be used to send any protected information or login credentials.
  • Save them in a spreadsheet. Even with shared spreadsheets like Office365 or Google Sheets, there is rarely encryption in place. 
  • Create hard copies of passwords using sticky notes, stickers, or placing a sign on a computer monitor.

Bitwarden is an ideal password manager for business and enterprise use and has a wide range of features to allow users to share passwords securely. The solution is open source, so its code is regularly reviewed for bugs by security researchers, and the solution has excellent security and has been created under the zero-knowledge approach – Bitwarden has no access to passwords.  The solution is competitively priced, easy to implement and use, and there are excellent free tiers for both individuals and small businesses.  The solution has all of the above features and more and is certainly work reviewing when researching password managers for your business.

 

Author: Patrick Kennedy

Share This Post On