Is it ever a good idea to share office passwords?

sharing office password security
At first glance the answer is obvious. No, of course we should never share our passwords, why would we? 

I agree and yet, here’s an oddity: we often encounter small companies where password sharing is common. It may not be obvious at first but with a little digging the practice turns out to be the norm. 

In fact, anecdotally, I would say offices in which some degree of password sharing goes on are more common than those that absolutely ban it.

Why password sharing is not a good idea

Before looking at why password sharing happens, it’s worth taking a moment to consider why it’s such a bad idea. 

Your password is your virtual office key. Together with your login name, it gives you access to those parts of your office IT system that you’re entitled to access. 

It is usually the case, at a minimum, that management, finance and operational staff have different access rights. Sometimes, operational staff may also be divided by project or department. There is only one way of controlling these access rights and that is by issuing passwords with the assumption that they’ll be kept secret — i.e. uniquely tied to the users to whom they are issued. 

Users can change their own passwords and basic good security practice is that no one, including the IT department, should know your password and no one should ever ask you for it. Without this basic good practice, we lose that crucial link between named individuals and their system access rights. In an office in which password secrecy is not sacrosanct there is no reliable audit trail of who did what on the system and everybody has a watertight shield of deniability – someone else must have used my password.

Why it’s a terrible idea

Without password secrecy as a rock-solid, unbreachable policy, any idea of network security is meaningless.

But there is a more subtle psychological issue at stake here too. 

Let’s say someone asked you to share your social media or bank login credentials. Would you do it? Probably not. That’s because there’s something important to you at stake – i.e. your reputation or your bank balance.

Now, even if you run a truly hierarchy-free company with absolutely no differences in access rights, if you allow or encourage your users to be casual about sharing their system passwords you’re making the statement that there’s nothing on your IT system worth protecting. 

So if you then try to convince your staff that you care about business security they’re simply not going to believe you. Bear in mind that employees are your first, and sometimes only, line of defence against the various cyber fraudsters out there looking to relieve your company of money. 

To put it another way: If your staff think you don’t care about security, they won’t either.

Why we do it anyway

OK, there’s nothing controversial there, we all know we shouldn’t share our passwords. So why is it such common practice? Here are a few reasons we come across and some ideas about how to tackle them:

Senior people

Senior people: amongst the worst offenders and the biggest risk to the company. 

Directors, owners and senior managers often have responsibilities that still need to be discharged when they’re not in the office. For this reason, they commonly share their passwords with their assistants and fellow senior managers. 

If it is common knowledge that the MD’s assistant or office manager knows his or her password, then you can forget about convincing others that they shouldn’t share theirs. 

The answer here is to analyse what these special responsibilities are and ensure that senior people have the necessary equipment to discharge them using mobile devices. Here’s a great example of security awareness and seniority not fitting well together.

Holidays and sickness

Holiday and sickness cover: if somebody, e.g. a salesperson, is away on holiday or off sick somebody else needs to be able to log on to their computer to check their emails or other files. 

It is beyond the scope of a short article to explain the configuration steps, but it is straightforward for your IT to configure permissions in such a way that these eventualities can be covered without throwing security out the window.

The all-seeing eye

The all-seeing eye or just in case: based on negative experiences with other companies, office managers are sometimes convinced that the only way to make sure they are in control is to maintain a list of all user passwords. This is a terrible idea both because users don’t tend to keep the office manager updated when they change their passwords and because, for obvious reasons, security is weakened by keeping an accessible (even if not easily) list of commonly used passwords on your network (or in your desk drawer). 

As above, IT can easily configure your system to cover your access to data when people leave, or other unforeseen events occur.

One simple question

There are plenty of other reasons, all equally unnecessary. If you are in the position of trying to end password sharing in your company a good way to tackle it is as follows:

  • Ask the question, “what precise problem are we solving by sharing this password?”
  • The only answer that’s not allowed is that there’s no precise problem and your’re sharing it “just in case” 
  • Once you have identified the problem, before agreeing to share the password, ask IT if there is any other way of solving the problem.

There always is. And if they don’t have a solution you can always ask me. In fact, I would welcome the challenge of a password sharing scenario to which I couldn’t come up with a secure solution.

Other passwords

For the purpose of this article, I have only been looking at the passwords used to access office systems. There can still be a need to share passwords for online systems where, for example, you need to give credit card details for each user on the system and you only need one, e.g. for a domain registration. In a case like this it remains a terrible idea to keep a list of usernames and passwords. Instead, use a multi-user password manager such as LastPass.

Starting point

If you are looking for a place to start in tackling information security and anybody in your office shares their password as a matter of common practice, I hope this article has given you your starting point. 

And, remember, if you find a scenario that hasn’t been addressed here or can’t be solved by your IT people, I would welcome the challenge.

You can always get in touch with us here.

Useful links

Microsoft Blog – Your Pa$$word doesn’t matter
Focusing on password rules, rather than things that can really help – like multi-factor authentication (MFA), or great threat detection – is just a distraction.

Like this article?

Share on twitter
Share on Twitter
Share on linkedin
Share on LinkedIn
Share on email
Share by Email

Subscribe to our monthly newsletter

Get the best IT tips and Office ideas in your inbox

Further reading

how to be calm and resilient during a work crisis

How To Stay Calm and Be Resilient During a Business Crisis

You can’t escape the C-word at the moment. 

And by C-word we’re not referring to “coronavirus” – nor “COVID-19” (though, you can’t escape those either).

The word of the day is crisis. Because you know what – COVID-19 is just one crisis. It’s surely not the first, and it won’t be the last.

So here’s one particularly valuable thing you can learn from this situation: how to stay calm and logical in the face of any crisis – big or small – that impacts your company.

Read More »
how to unleash staff creativity

5 (Science-Backed) Strategies for Unleashing Staff Creativity

Whether you’re the manager of a team or working on a project with a group of staff, there are times when creativity is needed.

And the more of it you can tease out from everyone, the better the results are going to be.

Now, let’s not be mistaken here… creativity is not just a thing for artistic pursuits. It’s about generating fresh ideas, thinking laterally, coming up with unique ways to solve complex problems… regardless of the field you work in.

Read More »

Want to hear what customers have to say?

Watch out customer story videos and find out today...

Cookie Notice

This website uses cookies to ensure you get the best experience on our website. Learn More.

Scroll to Top

Get the Ebook

"Your Ultimate Guide To Office Delegation"

Get this empowering Ebook in your inbox — when you subscribe to the Macnamara Newsletter. What’s in the Newsletter? Insightful articles, invites to exclusive events, powerful ideas, free training resources. Don’t miss out – subscribe today.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Get the Ebook

"Five Powerful Ideas That’ll Take Your Personal and Business Development to the Next Level"

Are you an Office Manager who’s looking for next-level ideas? You need to read this Ebook — you’ll get it for free when you subscribe to the Macnamara Newsletter. What’s in the Newsletter? helpful articles, invites to events, powerful ideas, free training resources. Don’t miss out – subscribe today.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Get the Ebook

"Five Ideas That'll Help you Tame Unruly Systems and Team Members"

Get this empowering Ebook in your inbox — when you subscribe to the Macnamara Newsletter. What’s in the Newsletter? Insightful articles, invites to exclusive events, powerful ideas, free training resources. Don’t miss out – subscribe today.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Get the Ebook

"Five High-Value Business Initiatives That’ll Provide Massive Impact and Help You Get Noticed at Work"

Get this empowering Ebook in your inbox — when you subscribe to the Macnamara Newsletter. What’s in the Newsletter? Insightful articles, invites to exclusive events, powerful ideas, free training resources. Don’t miss out – subscribe today.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Subscribe to our monthly newsletter.
Get the best IT tips and Office ideas in your inbox.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.