Sharing Passwords Hurts Your Business—Do This Instead
You’re going to be out of the office. The team shares an inbox. You just need the extra help.
There are many reasons why people share passwords at work, even though sharing credentials is typically against company security policies. Sharing passwords can hurt your business—and there are better ways to get the job done that won’t put your operation at risk.
A shared password can easily wind up in the wrong hands
First and foremost, the moment you share your passwords with other people, access to your inbox can easily wind up in the wrong hands.
In their 2016 study, password manager LastPass found that 61 percent of people were more likely to share work passwords than personal passwords. You know that when you hand someone your email password, they have access to your inbox—they can send email as you—but with your login credentials, they can often gain access to far more than just your inbox.
Sharing your password makes more than your email vulnerable
Sharing passwords can leave other work or personal accounts vulnerable. Many people re-use passwords across different services or use single sign-on services, such as a Google account, to log on to other services. While seemingly convenient, giving someone access to your business email can be like giving them a master key to your life.
If you share credentials with someone else, there’s also no guarantee that person can keep your email password perfectly safe either. They might also feel a need to share your credentials with someone else—possibly for the same reasons you felt a need to share your email password in the first place.
Monetary incentive can compromise a shared password
On the less likely but still possible side, it’s possible that your trusted colleague might also have an incentive to sell your email. A 2017 survey found that 27 percent of U.S. office workers would be willing to sell login credentials to outsiders—some for as low as $100. You can imagine how the risk grows for those working in government or dealing with sensitive information.
You never know who responded to a particular business email
So, let’s assume that you work with a really solid team and they don’t want to sell your email or hack your Amazon account or do anything else nefarious with your login credentials. However, there are still other ways sharing passwords can hurt your business.
Let’s say you have a general inbox, something like firstname.lastname@example.org. Most businesses have inboxes like that, and while one person is often responsible for that account, it’s not terribly unusual for several people to need or want access. Looking back at the vacationing colleague example, for starters.
The problem here is that when many people use the same login to access the same inbox, you have no real way to tell who actually responded to any given email.
Multiple people working in the same inbox limits accountability
So, imagine that you have a new hire on your team. Part of their responsibilities will include managing your info@ email address (and a few other inboxes). You access the account, and you’re training her on best practices for your company, so you open a message to illustrate your point.
And you find that the response someone sent to one of your customers included bad or incorrect information. The damage is done—probably the best thing to do would be to retrain the person who sent the bad email. But you have no idea who sent it. They didn’t sign it. You don’t have any system of accountability. You’re left to hope that your team is delivering the right messages in a timely fashion.
Limiting access doesn’t necessarily improve accountability
Even if accessing email through password managers such as LastPass or 1Pass, you might have some control over access, but not over accountability and tracking.
Sure, by process of elimination you’ll figure out which team member sent a specific email. However, doing so will mean you have to take time out of your day to ask around, plus people will have to take time to try and remember. Ultimately, everyone will lose time and be less productive.
The issue is simple: When multiple people use your login or the same shared login, then it’s as if only one person is managing and responding to emails. Without individual account access, there’s no accountability and no way to keep track of who was in charge of what email exchange, and there’s a possibility that some emails will get a double (maybe conflicting) response.
Sharing passwords can get your Gmail account locked down
In addition to the threat of a data breach, sharing your email password with team members can also get you locked out of your Gmail account. If you can’t access your email, you can’t reply to emails—and that’s going to lead to frustration from customers and colleagues alike.
“Each Gmail account is intended and designed for use by an individual user,” says Google. “If you have multiple users frequently accessing the same account from various locations, you may reach a Gmail threshold and your account will be temporarily locked down.”
Personnel changes are a security headache
When a team member leaves your company, hopefully, you have a system in place for ending their access to all of their business tool and email accounts. Many companies don’t want to simply shut down those inboxes immediately, because they’re likely to still get plenty of emails directed toward your former colleague. But you still need to make sure they no longer have access.
To ensure the security of your business email, any personnel changes or team transfers can mean needing to change your password. Not only will that make it harder to keep up with your own credentials, but it’ll also be more difficult for the team to keep track of as well. In addition to your own login headaches, you’ll also likely have to spend time reminding team members what the new password is, or they’ll spend time waiting for IT to have a moment to help them log in.
Resetting a shared password leads to a lapse in productivity
What if something else happens that requires a password reset? If someone uses the wrong password enough times, the entire account could be locked down for security. You won’t necessarily know who caused the lockout. Or, if someone intentionally resets the email password, it may take time for the new credentials to get around to the whole team—and even to get to you, the person who’s supposed to be in charge of the account in the first place.
If you and other team members can’t access the account because of a password change or reset, you can’t tend to a significant portion of your work. Depending on the motivations behind the password change, too—such as a vengeful or malicious employee—losing access to your account could also mean that someone on your team or outside of the organization could be sending harmful emails, stealing company data, or swiping your own personal information.
A collaborative inbox eliminates password sharing
Yes, there are times where sharing your email password can seem like the path of least resistance, but that doesn’t make it the right thing to do. Employees know this too. Part of why employees share passwords is because they perceive it makes their jobs easier. And many employees say they would be less likely to share their passwords if their company made delegation easier.
A true collaborative inbox eliminates the problem of password sharing—and gains you many benefits, including better security, team accountability, and decreases in lost productivity.
A collaborative inbox gives each team member their own unique, individual login. You can then grant team members access to shared inboxes they need in order to perform their duties—including when someone needs extra help or an employee is going to be out of the office. When someone leaves the company or transfers to a different team, you can simply modify or remove their access accordingly, instead of having to change your own password or reset the password for an inbox used by multiple people.
When each team member has their own unique login, you can also keep better track of security. If someone’s login does get compromised, then you know which account to tend to and which team member to talk with about the situation. You can pinpoint the problem faster while minimizing the productivity impact on the rest of the team.
A collaborative inbox also provides accountability. As emails come in, you can assign each one to a specific person. You’ll know, at a glance, the status of each reply, no group emails to the team needed. No time lost figuring out who was supposed to be in charge of responding. Tandem to assigning emails, you don’t have to worry about duplicate replies coming from multiple team members.
Since each email is earmarked for a specific person, each team member knows what they are responsible for, and won’t have to worry that an email is getting lost in the cracks. Plus, a collaborative email inbox also allows the team to make notes and share drafts, all internally, so even an individual reply can still be worked on as a group when needed.
Because each team member has their own unique login, you’ll not only know who is sending what email, you also won’t have to worry about your Gmail account getting locked down. Your inbox can be just for you, and the team can access your shared inboxes from their own logins. A password reset also doesn’t have to throw the team into chaos—it can instead be managed on an individual basis.
Stop sharing passwords—there’s a better way
Employees share passwords because they think it makes their busy jobs easier. In the stress of today’s fast-paced workplace, it’s an understandable position. However, the risks more than outweigh the perceived benefits.
An organization that puts into place a collaborative inbox gives employees a better option than sharing passwords. When team members have their own unique logins, you now can better lockdown security, know who is working on what, and keep emails moving more smoothly and productively. Instead of sharing passwords, you can instead share congratulations for jobs well done.
Editors Note: This article was originally published in 2018 and updated for 2020.