Before You Share That Password… Read This

Passwords are personal credentials. They are tied directly to a user’s identity and serve as proof of who accessed a system and when. When a password is shared, that accountability is lost and if something goes wrong – whether it’s accidental changes, data exposure or unauthorised activity – it gets difficult and sometimes nearly impossible to determine who was responsible.

For organisations, including those operating in the financial and technology sectors, the stakes are even higher. Systems often contain sensitive customer data, financial records, intellectual property and internal business information. Password sharing can undermine security controls and create serious audit, compliance and regulatory risks. In many cases, it also violates internal security policies and industry best practices.

Beyond compliance concerns, password sharing can also expose systems to cyber threats. A password that is shared may be stored insecurely, reused elsewhere or inadvertently exposed through emails, chats or documents. Even trusted colleagues can unintentionally create vulnerabilities by storing or transmitting credentials in unsafe ways.

The good news is that secure alternatives exist. By using proper access management processes and following good password hygiene, both organisations and individuals can help protect systems, data and accountability.

Best Practices for Secure Access

1. For Individuals:

Do

• Use official access request processes at work if a colleague needs access to a file, folder or system.
• Use platform sharing features in spaces like Google Docs or Microsoft Teams instead of giving out your login.  Remove access when they are finished, so old links don’t stay open forever.
• For social media, use built-in account roles or permissions. Platforms like Facebook, Instagram or YouTube let you add collaborators or managers without giving them your password.
• Change your password immediately and make reports to the relevant authorities/institutions if you believe your password has been shared or exposed. Ensure new passwords are strong and unique to you.
• Enable Multi-Factor Authentication (MFA) whenever it is available.

Don’t

• Share your passwords with anyone.
• Store passwords in emails, chat messages, shared documents or on written notes in areas where others frequent.
• Reuse old passwords or work passwords for personal accounts or external services.

2. For Organisations:

Do

• Establish clear access request and approval processes for systems, applications and shared folders.
• Use role-based access controls so employees only have the permissions they need for their job.
• Provide shared collaboration spaces or shared drives with appropriate permissions rather than relying on shared credentials.
• Implement Multi-Factor Authentication (MFA) across critical systems to strengthen account security.
• Provide regular cybersecurity awareness training so employees understand the risks of password sharing.

Don’t

• Allow systems that require generic or shared user accounts where activity cannot be traced to a specific individual.
• Encourage informal access practices that bypass official approval or access management processes.
• Overlook password management policies or fail to enforce them consistently across departments.

Remember shared passwords = shared risks.

Keeping passwords private may seem like a small step, but it plays a critical role in maintaining accountability, protecting personal or client information and safeguarding reputations.

When someone needs access, always choose the secure process, not the shortcut.