How to Securely Share Passwords for Remote Workers

April 07, 2023 •

https://tigerteamx.com/blog/posts/how-to-securely-share-passwords-for-remote-workers-2/remote.jpg

Since the outbreak of COVID-19, more and more businesses have moved their operations online. Even large companies are having their employees work remotely. Admittedly, this has its fair share of perks but also some vulnerabilities.

Most significantly, when employees need to share passwords to company infrastructure, they tend to adopt the easiest means of doing so. For instance, they could shoot each other a quick SMS bearing the password. This risks unauthorized access by malicious individuals, which could leak sensitive data.

Why is secure password sharing so important for team communication?

Sharing a password securely ensures that only approved users can access company and client data. This way, remote teams can work seamlessly without worrying about security concerns.

Additionally, it enables IT and management to track who has access to what data in real time. It means they can terminate access for employees who have left the company or third-party contractors whose projects have ended.

How to share passwords remotely?

When you need to access some company software quickly, you'd be tempted to request the password from a co-worker via SMS, Slack or other commonly used means. However, when sending passwords this way, hackers could intercept such plain-text communications and wreak havoc on company systems. Here are some tips on how to share passwords securely.

Don't share passwords through email

Email is the most commonly used medium for business communication. However, it is easily intercepted, as messages sent through email aren't encrypted. Therefore, sending passwords and other sensitive info this way would be risky, as they could fall into unauthorized hands.

Use secure password managers

There are numerous password managers in the market. When choosing one, you should look out for security features such as:

  • Multi-factor verification
  • Regular vulnerability checks
  • Comprehensive audit logs

Implement a good password management solution

In addition to ensuring security, a good password manager should also provide convenience to the users of the restricted access systems. For instance, it should allow sharing of passwords between individuals as well as groups of people. Additionally, each employee should be able to see who they've shared passwords with. The management or IT should also be able to see how these passwords are shared.

Create shared team folders for access control

Sometimes, when working with a team, you may need to share some login credentials with your co-workers. The best way to share passwords in such a situation would be to use a shared folder. You can then keep the credentials safe by limiting access to this folder.

Device-level encryption

We established earlier that hackers often intercept emails, SMS, and other plain-text communication. If such messages contain sensitive information such as passwords, a hack could cause severe financial and reputational damage to the company.

To prevent this, you could encrypt such messages before sending them. This way, the data they contain is unintelligible to anyone other than users with the encryption key. You could also encrypt each employee's device to prevent data loss from unauthorized breaches.

With Duckist.com, you can share passwords securely on your browser before sending them. It means nobody else, apart from the intended recipient, can access them, not even the personnel at Duckist. These messages also self-destruct. This way, in the event of a breach, hackers get an expired link rather than your secret message.

It is important to note that Duckist is not a password manager, but a web-based tool for securely sharing sensitive information like passwords. Most password managers can prove challenging to maneuver, and bring about some risks as well.

VPN to secure Internet connection

Using public WiFi and other unsecured networks for remote workers could easily leak passwords and sensitive data to malicious hackers. To prevent this, virtual private network (VPN) software masks their IP address, hiding them from prying eyes. A VPN encrypts data by rerouting your connection to servers located in other states or countries.

Implement regular network security monitoring

Sometimes, even after taking measures to share passwords securely, they may still leak to unauthorized hands. At this point, a sound network security monitoring system is your last line of defense. It can help you detect breaches and other suspicious behavior as soon as they happen. As a result, you can take appropriate measures to prevent data loss before the damage is done.

Choose tools with built-in security for communication

Common communication tools such as email are hazardous for sharing sensitive data, as they are not encrypted. Ideally, you want to share passwords and private data through encrypted platforms. You can easily find such platforms on the internet, the likes of Signal, Threema, Telegram and several others. However, appropriate due diligence will help you choose the best fit for your business.

Have an up-to-date antivirus software

Usually, hackers target businesses through viruses, malware, ransomware, and other harmful software. An updated antivirus helps detect and block such attacks, ensuring the safety of your passwords and data. New viruses are constantly being developed, so it's prudent to keep your antivirus up-to-date.

Train your team

The most common hacking technique that is often successful is social engineering. This is where hackers manipulate unsuspecting employees into exposing sensitive information or spreading their viruses. To avoid these, train your employees on the dos and don'ts of sharing company data with strangers.

Summary

A common temptation when sharing passwords at work is using email, WhatsApp, or SMS. However, these plain text communication ways can be intercepted and passwords leaked. To prevent this, employ a good password sharing solution. You can also use VPNs and updated antivirus software for further protection. Alternatively, you could encrypt messages or even communication devices themselves before sending them. Lastly, train your team on how to avoid social engineering exploits.