Skip to content

Hit enter to search or ESC to close

How many times have you received a phone call or an email from a manager in your group requesting the password of an employee to allow them to log onto their email account?

This request is typically issued when an employees is on annual leave and a call is received from a client or co-worker wishing to know if they have completed a request sent before they left. More often than not a client has sent an email to their account manager before they went on vacation, but it was accidentally neglected.

Access to the email account is crucial to prevent embarrassment or to ensure that a sales opportunity is not lost. Maybe the specific employee has failed to configure their "Out of Office" reply and clients are not aware that they need to get in touch with a different person to get their questions addressed.

In years past, managers used to maintain a log of all users’ passwords in a file on their computer. Should an emergency occur, they could discover the password and access any user account. However, this is dangerous. Nowadays, this is not an acceptable thing to do. It also compromises the privacy of employees. If any other person knows a password, there is nothing to prevent that person from using those login details any time they like. Since passwords are often used for personal and work accounts, sharing that password could compromise the individual’s personal accounts.

Keeping lists of passwords also makes it more challenging to take action over inappropriate internet and email usage. If a password has been shared, there is no way of ascertaining whether an individual has broken the law or breached company policies. It could have been someone else using that person’s login credentials.

IT workers are, therefore, not allowed to share passwords. Instead, they must reset the user’s password and create a temporary one, which the user will need to reset when they go back to work. Many managers will be ill at ease with these procedures and will still want to maintain their lists. Workers will be unhappy as they often use their work email accounts to send personal emails. Resetting a password and sharing manager access could be perceived as a major invasion of privacy.

However, there is an easy solution that will ensure that the privacy of individuals is assured while forgotten Out of Office auto-responders can be created. Crucial emails will not go unnoticed either. To complete this you can establish shared mailboxes, although these are not always popular.

If this is done in Outlook, a manager may need to set it up in their Outlook program. It will also be a requirement for them to guide staff members how to use the shared mailboxes, and policies might need to be devised. They may have to keep the mailboxes of multiple teams open in Outlook permanently.

There is a different option, and that is to share permissions. It is more difficult to set up this control as it requires an MS Exchange Administrator to allow Delegate Access. Using Delegate Access will make it possible for a person with the appropriate authorizations to share an email on behalf of another staff member. This means mailboxes do not have to be accessible all the time. They can just be opened when an email must be sent. This may be perfect, but it will not allow a manager to implement a forgotten Out-of-Office auto-responder.

That would mean a member of the IT department, such as a domain manager, would have to create it. A ticket would need to be filed requesting the action to be completed. This may not be desirable with managers, but it is the only way for the task to be completed without sharing the user’s login credentials or creating a temporary password that would breach their privacy.

Groups must tackle an ever-growing threat from hackers. In 2019 and 2020, we witnessed many high-profile data breaches, leading to significant financial repercussions and damaged brand reputation. Password-sharing at work comes with a massive danger for groups. 81% of breaches begin with stolen or weak passwords. When cybercriminals obtain entry to your database, shared passwords make it easier for them to access other sections of your network.

Multi-Factor Authentication to Prevent Password Sharing

When MFA is configured, access is only allowed when the user approves the use of two authentication factors. For instance, they initially complete the password process and then must complete another authentication request. This could be a code sent to a device. Multi-factor authentication, like any security process, works best when employed along with other security strategies.

If a complete ban on password sharing in not in place in your organization, it must be set up as soon as possible.

Talk to our Team today

Talk to our Team today