How do you share passwords with clients securely?
Password sharing is usually a grey area in many small to medium-sized companies. Not many companies know how to do it right.
Should you send a password in an email? Is it better to share it online in a document? Is there a secure way to share passwords with clients?
Keep on reading to find out.
3 (risky) ways employees share passwords in companies
It is almost impossible to work in a company and not share a password. People collaborate, join teams to complete projects, and invite external partners to do resource-demanding tasks.
All of these practices involve logging into some systems with passwords.
And here are the three dangerous ways employees usually share passwords with clients in companies.
#1. They send them via email.
Some people believe there are no safety concerns to using email to send a password because emails are encrypted.
And while there is a little chance someone would steal your password on a network, it is still a risky practice.
It is considered a dangerous practice to send passwords in plain text – in a readable format. Even if you send (or receive) the password safely, it remains stored in your mailbox in a readable format (even in the bin). Even if you deleted the password, there is no guarantee the recipient (or sender) did the same.
Passwords stored in plain text are never 100% secure.
#2. They send them in chats.
Some companies choose to send passwords via chats (like Slack).
In some cases, employees (accidentally) send one password to the entire Slack channel without taking any security measures. If a person shares one password with a group of people, he loses control over access to that credential.
It then becomes a matter of integrity and trust among colleagues.
Similarly to emails, although chats are usually encrypted, they open some other risks, too. When a person shares a password in a channel, all parties keep a copy of the password in plain text.
#3. They share them online.
Last, many people choose to store their passwords in online documents (like online Excel sheets) because it is convenient.
Sometimes these people share the whole document with people who need some logins. While this practice is convenient, it might expose some passwords to people who should not have access to them.
As a result, this and other password-sharing practices can be the weak spot that causes a data breach (or at least provide unintended access) in a company.
What risks do insecure sharing practices cause?
Passwords stored in a readable format are always prone to accidental disclosure.
For instance:
- if you leave an open laptop in the office when going for a coffee;
- when you accidentally forward an email that contained a password;
- when you accidentally assign the wrong person to the document with a password.
Also, when an employee shares one password with a group of people, he exposes that credential to (too) many people.
Consequently, it becomes impossible to know who has access. If someone (accidentally) changes the credential, nobody else, including the password owner, can log in.
And while some of these practices can be easily reverted (f.e., removing access from the document), insecure password sharing can cause company-wide damage.
So, is there a safe way to share passwords with clients outside the organization?
How to share passwords with clients securely?
The easiest and most secure method to share passwords with clients is to use a password manager when sharing sensitive information.
This allows employees to share passwords in an encrypted vault that decrypts a password locally on a user’s device.
Let’s take PassCamp as an excellent password-sharing tool example.
In PassCamp, you can share credentials not only with your team members but also with external clients by using the Guest feature. The Guest feature allows you to assign a password to a temporarily working business partner or freelancer.
You can also specify the permission level. For instance, you can allow your partner to view the password only, edit it, or edit and re-share it.
If your business partner unintentionally changes the password, you, as a password owner, will see the previous and the newest password versions. This feature makes it easy to control access and boosts convenience, transparency, and security.
In PassCamp, this feature is created but is not limited to sharing only passwords. In addition, you can securely send a secure note, payment information, address, and other business-relevant details.
After all, a reliable password manager makes it easy to share passwords with clients safely. Once you try it, you will not go back to your old (and risky) data-sharing habits.