IT expert and professional penetration tester Asher DeMetz says the biggest problem about password sharing is that the code very often gets written down.
“Password sharing is a security risk because the password gets written down,” he explains, “and what is written down can be seen by the wrong pair of eyes.”
“Ethical hacker” DeMetz says one of the most common causes of password sharing is because employees can’t gain access to a certain application – “Frequently it is because someone needs a resource they don’t have permission to access,” he explains.
It’s often easier for a senior employee to simply hand over their password on a piece of paper than get temporary access granted by IT but DeMetz insists this “harmless” act is actually a big deal because even if the employee can be trusted, it’s likely they’ll write the password down and another worker, with less innocent intentions, could come across it.
Not only does this make your organization more vulnerable to cyber-attacks, it means an employee could gain access to a plethora of sensitive information – from performance reviews and personnel complaints to salary figures and financial situations.
So what can HR do to stop password sharers – and any potential hackers – in their tracks?
“Password security is all about modifying employee behaviour,” says DeMetz – not about issuing more complex passcodes or having multiple sign-ins.
Password sharing might seem fairly harmless at first but it can lead to a whole host of problems for HR – here’s how (and why) you should put an end to the potentially damaging practice.