
Passwords, Two-Factor Authentication, and Security Questions

This guide takes a more detailed look at passwords, password managers, and two-factor authentication.

Sharing Passwords

When it comes to sharing passwords (with coworkers, significant others, colleagues, group project members, friends, family members, etc.), the first and primary piece of advice is simply:

DON'T.

However, there are a number of practical and not-so-practical reasons why passwords are shared (shared work computer, shared account to retrieve data, you need someone to check your account while you are out of town in a place with limited-to-no access, your friend really wants to use your Netflix account in exchange for you using their Hulu account, your mom asked really nicely), and there are some ways to mitigate the possible damage that might occur:

  1. First, find out if there is a way to make multiple profiles (each with its own password) rather than a shared profile.
  2. Make the password truly unique to the account in question. Do not reuse this password elsewhere, not even pieces of the password.
  3. Change the password immediately before you share it and
  4. Change the password immediately after you stop sharing it.
  5. If anyone in the group leaves for any reason, even amicable ones, change it. This includes break-ups, changes in roommate situations, and so forth where the social dynamic changes.
  6. Change the shared password semi-regularly and make sure to send it out only to those who have been trustworthy.
  7. Change the password immediately if anyone in the group reports that they have been compromised or suspect they have (including yourself).
  8. When sharing the password, do not send it in plaintext or in the clear (avoid group emails/texts). Do it in person, or maybe it is a good time to brush up on your encryption skills.
  9. Keep track of which passwords you have shared, and with whom.
  10. Share these rules with everyone in your password group. 

Keep in mind that when you share your passwords, people can do a lot of harm to your accounts, including changing the password to lock you out or changing important settings or details that you might not want changed. They may have access to linked accounts, personal files, or personal details that can help them break into your other accounts. You also have little to no control over whom they share the password with, so your group size might be larger than you think (hence #6). And, finally, some accounts/services might flag such sharing as a violation of their terms of service, so you can find yourself locked out of your favorite Netflix series because other people have decided to rewatch Tiger King for the third time.
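The numbered rules above can be kept as a small ledger that records who holds each shared password (rule 9) and reports when rules 3 through 7 call for a change. This is an added example, not part of the original guide; the class, the event labels, the sample names and dates, and the 90-day interval are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
# Assumption: the guide only says "semi-regularly"; 90 days is an illustrative value.
ROTATE_EVERY = timedelta(days=90)

@dataclass
class SharedPassword:
    """Ledger entry for one shared account. Stores who has access, never the password."""
    account: str
    last_changed: date
    holders: set = field(default_factory=set)    # rule 9: who has it right now
    log: list = field(default_factory=list)      # rule 9: full sharing history
    pending: list = field(default_factory=list)  # reasons a change is overdue

    def record(self, when, kind, person):
        """kind is 'shared', 'left' or 'compromised' (labels invented for this example)."""
        if kind not in ("shared", "left", "compromised"):
            raise ValueError(f"unknown event kind: {kind}")
        self.log.append((when, kind, person))
        if kind == "shared":
            self.holders.add(person)
            if self.last_changed != when:        # rule 3: change right before sharing
                self.pending.append(f"rule 3: shared with {person} without a fresh change")
        elif kind == "left":                     # rules 4 and 5: someone no longer needs it
            self.holders.discard(person)
            self.pending.append(f"rules 4/5: {person} left the group")
        else:                                    # rule 7: reported or suspected compromise
            self.pending.append(f"rule 7: {person} reported a compromise")

    def rotate(self, when):
        """Call after actually changing the password on the account."""
        self.last_changed = when
        self.pending.clear()
        self.log.append((when, "rotated", None))

    def reasons_to_change(self, today):
        """Return every reason the password should be changed now; empty means none."""
        reasons = list(self.pending)
        if self.holders and today - self.last_changed >= ROTATE_EVERY:  # rule 6
            reasons.append("rule 6: periodic change is due")
        return reasons

def demo():
    # Constructed sample data: the account, names and dates are made up.
    entry = SharedPassword("streaming", last_changed=date(2024, 1, 10))
    entry.record(date(2024, 1, 10), "shared", "roommate")
    entry.record(date(2024, 1, 10), "shared", "sibling")
    entry.record(date(2024, 3, 1), "left", "roommate")
    return entry, entry.reasons_to_change(date(2024, 5, 1))
```

The ledger works at day granularity, so "immediately before" in rule 3 is treated as "on the same day".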