[SecurityNews] Sharing Passwords is a terrible idea

in #security, 6 years ago

In past blog entries, we have talked about checking if your password has been compromised, reducing your reliance on passwords with two-factor authentication and using password managers for strong unguessable passwords.

Today, we will discuss password sharing, and why it is a terrible, terrible idea.

Many software systems, particularly older systems or those with low budgets, do not have good access management. This means that many companies out there share a single password among their staff. Another reason for this is to enable companies to purchase just one license for the software and have multiple people use it. As a result, everyone uses the same username and password.

In our last entry, we looked at issues with writing down passwords. Unfortunately, with a shared password system, writing the password down is almost inevitable. Password managers like LastPass do actually let you share a password, and this is a much better idea. Everyone uses their password manager, and the shared password is securely shared between users that way.

There is still one major problem though.

If something goes wrong, for instance, all the data in the software is deleted, there is no recourse. Everyone is a suspect!

Working out who performed an action is important for security, reliability, and, in some cases, ensuring legality. For instance, if all your users' personal data is dumped on the Internet, who is in trouble?

As mentioned in the last article, you can route logins through a server. Set up a Windows Server that people log in to at the operating-system level with their own credentials, and then use the shared password for the software from within the server. This lets you verify who your users are and when they used the system, and gives you recourse if there is an issue.

That said, it is still worse than having different passwords into the software. If critical software for your business does not allow multiple users and access levels, talk with the software's publisher about why this isn't the case, and ask them to implement the feature. It may save your business!
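
The sketch below is an added example, not part of the original post. It shows how the login-server approach supports attribution, and where it falls short of per-user accounts in the software: actions logged under the shared account are matched against individual server sessions. All user names, timestamps and log entries are constructed sample data, and the two log formats are assumptions.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample: individual sessions on the login server (user, start, end).
SESSIONS = [
    ("alice", "2024-03-04 09:00", "2024-03-04 12:30"),
    ("bob",   "2024-03-04 11:45", "2024-03-04 17:00"),
    ("carol", "2024-03-04 13:00", "2024-03-04 13:20"),
]

# Constructed sample: the software's own log only ever sees the shared account.
APP_EVENTS = [
    ("2024-03-04 10:15", "shared", "export customer list"),
    ("2024-03-04 12:05", "shared", "delete all records"),
    ("2024-03-04 18:30", "shared", "change settings"),
]


def parse(ts):
    return datetime.strptime(ts, FMT)


def candidates(event_time, sessions=SESSIONS):
    """Users whose server session was open at the time of the event."""
    t = parse(event_time)
    return sorted(u for u, start, end in sessions
                  if parse(start) <= t <= parse(end))


def attribute(events=APP_EVENTS, sessions=SESSIONS):
    """Label each shared-account action by how well it can be attributed."""
    report = []
    for when, _account, action in events:
        users = candidates(when, sessions)
        if len(users) == 1:
            verdict = "attributed"      # exactly one person was on the server
        elif users:
            verdict = "ambiguous"       # several people could have done it
        else:
            verdict = "unexplained"     # shared password used outside the server
        report.append((when, action, users, verdict))
    return report


if __name__ == "__main__":
    for when, action, users, verdict in attribute():
        print(f"{when}  {action:<22} {verdict:<12} {', '.join(users) or '-'}")
```

The "ambiguous" and "unexplained" rows are the cases that per-user accounts inside the software would resolve.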
