Stop your employees from sharing credentials

Measuring human risk
CultureAI Team
October 12, 2022
Security Awareness Pros

Contributed by:

⚡ TL;DR ⚡


Credential sharing for a computer or software often doesn't seem a huge concern. Sharing credentials can enable someone to assist you by executing a quick task or checking something for you if you're in a rush or away from the office. Sharing the password to your Netflix account might seem entirely innocent, but doing so might have disastrous results because it jeopardises the security of your employer's network if you use the same email and password across multiple platforms.

Sharing login information for your official accounts might increase the chance of critical company information being exposed, whether you share it with your spouse or your most dependable coworker. Confidential information could be at risk if it falls into the wrong hands. It may not seem harmful to you to let someone use your account if they've forgotten their password or access card if they have the same degree of access as you (such as having an account on the same computer).

Sharing credentials, though, might put your organisation and yourself in danger. Although six out of ten working Americans claim they are concerned about the security of their company's data, that doesn't mean they always act that way. There are 95 million knowledge workers in the United States, which suggests that up to 32 million workers may be sharing passwords.

The dangers are great. Shared passwords make it much simpler for hackers to gain access to other areas of your network if they break into your system, which can turn a minor security incident into a major breach.

According to some estimates, the average breach cost U.S. businesses $1.3 million in 2017, and eight out of ten (81%) hacking-related violations in that year were made possible by either stolen or weak passwords. Sharing passwords isn't the only problem. Indicators of bad password management will also contribute to breaches through passwords.

Nearly a quarter (22%) acknowledge using the same password across various work accounts. And while almost one in six people (58%) claim to memorise their passwords, one in three people (34%) write them down on paper, and one in ten people store their passwords in a document on their computer. Finally, only 21% of respondents claim to use password managers like Lastpass or 1Password, the software that most security experts advise using to manage numerous passwords properly.


The risks of password sharing at work could lead to loss of access control, improper credential storage, and an inability to execute event attribution, among other drawbacks.

Access Management

Someone controls your public image if they access your social media accounts. Additionally, they influence thousands of other things, including linking your account to dubious websites, sending messages in your name, putting offensive content on your wall, etc. This is one of the drawbacks of making Internet use more commonplace. Despite all of the advantages that the Internet has provided us, there is always a chance that social media will be misused. By disclosing your passwords, you increase the likelihood that you will experience this risk.


Hackers have been active in their attempts to gain access since the idea of passwords emerged. Sharing passwords can increase your risk of having your accounts compromised. For instance, even if you have firewalls installed on your computer, hackers can still readily obtain your credentials if a coworker logs them on his unsecured machine.

Another typical method that hackers employ to obtain the passwords of their victims is phishing. Phishing attacks are getting increasingly sophisticated, and they frequently transparently mirror the site that is being attacked, allowing the attacker to watch everything the victim does there and cross any further security barriers with them. By far the most frequent assault carried out by hackers as of 2020, according to the FBI's Internet Crime Complaint Centre, which records more phishing instances than any other kind of computer crime combined.

Possibility of malicious usage

While you could have confidence in your staff, it's never a given. Giving everyone administrative access puts you at risk for privacy violations and makes it easy for a single angry employee to export your data and permanently delete your account.

Greater account vulnerability as a result of reusing passwords

People frequently build passwords based on memorable information, such as your company name and the year it was founded. Therefore, employees shouldn't reuse passwords to avoid creating a "business password index" or memorising numerous combinations with slight changes to the original password.

This increases the likelihood that former employees and other team members would get unauthorised business access. If the password is compromised, it can take more time for you to reset each password than it would for the hacker to gain access and steal data. It also contradicts our list of recommended practices for password security, which is available if you'd want more information.


Using tools for multiple users, sharing sessions

With minimal benefits, having many user accounts can become very expensive. Password sharing is, therefore, more prevalent in departments with restricted budgets. These programs typically take the shape of browser add-ons, and only the user sharing their session needs to log in. They exchange the sessions as cookie files, which the tool keeps encrypted. They won't be able to view anything important even if someone intercepts it. Additionally, adding more user accounts is frequently an unnecessary investment for smaller companies that sell products and services with thin margins.

Multi-factor authentication enabled

A business can significantly strengthen its cybersecurity posture by creating a multi-factor authentication strategy with explicit instructions for unforeseen events (lost or stolen badges, etc.). Multi-factor authentication can also prevent credential sharing by making shared credentials more challenging or impossible. Sharing credentials becomes impossible or impractical if an employee needs to have physics to another employee's ID badge or smartphone to use the account.

When an employee quits, be prepared to modify or restrict user access to accounts.

Introduce a required procedure to fully locate and seize the employee's accounts related to their employment within a predetermined period after their termination or notice of absence. Once finished, the employee cannot access their accounts after leaving the organisation.

In summary, Implement a firm policy against password sharing and educate your team. Explain to staff how to stop login information from being distributed to groups or outside parties that don't require access and how to spot phishing scams.

A weak password protection system frequently indicates a more severe data security issue. Talk to experts if you're worried about security in your entire company to find out where you might be vulnerable and what you can do to reduce it.

Learn more

Speak with us today to learn how CultureAI can help prevent sharing credentials
Click here