Back to Basics (4) – Password Sharing

by
password = identity

Back to Basics (4) – Password Sharing

Password sharing is one of the quickest ways to break down the Authentication, Authorisation and Accountability (AAA)*** in any organisation – quickly defeating your cyber security preparations.

Sharing your password is not caring…

Our team often comes across instances of password sharing, usually for one of the following reasons:

  • The user is on holiday and access is wanted under their identity to access specific software on their machine.
  • Management wants to retain access to any computer at any time – for probably some unspecified reason.

Both of these reasons look perfectly valid at first glance – but let me explain a couple of reasons why they are bad cyber security decisions.

Password as Identity

Back to Basics (4) – Password Sharing Cyber Awake

In this mini-series, I have been trying to emphasise that the humble password needs care and attention as it is a key part of your cyber security (I know passwordlessness is coming but it is not here yet – so the password is still important.

The password is important as when you use it to log in, it identifies you to the system and any monitoring and logging systems associated with that device/network/app, etc. If you share your password with someone else and they log in using your credentials, the system will think (know) it is you. Any subsequent investigation, for either a good or bad incident, will prove that, according to the logs, you did it – negating the accountability of your systems.

Password = PIN

For users of Windows Pro machines, remember that the PIN you are using in place of your password to confirm your identity and gain access is the equivalent of your password. So the same rules apply to it as to your password.

Your Password is Your Password

Coming back to the original reasons why management may share passwords – there are better ways to achieve those outcomes, without sharing a user password, so retaining the AAA of your cyber security plan.

Do you want to know what those ways are? Then now is when you need to contact us!

Next

The final part of my password mini-series – yes, I still have one more thing to say about passwords.


Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

Credentials – Why are they so important in cybersecurity?

*** Here is a mini-series explaining AAA

Authentication – Who Do You Let In?

Authorisation – It Shows You Care.

Accountability – It Shows You are Watching.

Photo by Pixabay

Contact us for consultation

Wake up to cyber threats..

Back to Basics (4) – Password Sharing Cyber Awake
HQ Based between Newark and Lincoln

Get in touch

CyberAwake
Unit 2 Kingsley Court
Kingsley Road
Lincoln
LN6 3TA
United Kingdom

01522 508089

useful links

Website Cookies Icon

This website uses cookies to ensure you get the best experience on our website. Click for more information.

accept & Close