On Sharing Passwords

Earlier this year (2012), the NY Times ran an article about teens sharing passwords. This, of course, lead to a few commentaries on the subject.

Sharing passwords is, as Forbes puts it, “a spectacularly bad idea.”

But it’s not teens to be concerned about: businesses are extraordinarily bad about sharing password.

People get angry all the time. The NYT article linked above points out a few instances where a shared password gave the other person the access they needed to do something horrible. Now imagine what happens when someone in a bad mood has access a lot sensitive data from a Fortune [insert number] company?

The likely result is nothing: human beings are generally pretty nice and wouldn’t do anything to harm others deliberately. Generally.

A more likely senario is that someone leaves a company – for their own reasons or otherwise. That person had access to all of the online and other accounts. If a shared password was used, that means the entire groups password should be changed to be sure this person doesn’t keep her access. Alternatively if this employee had his own account, removing his access is as simple as disabling or deleting his account.

Separate user accounts also give you the benefit of access privileges. To use WordPress as an example: if I need to have a colleague work on editing the images on a give site, I might give them access only to editing posts but not to the administrative options.

Please. It’s not good. And sharing passwords generally makes things harder. So stop it. Separate user accounts with controlled privileges, that’s where you need to be.

Post image by reidrac.