Share Access, Not Passwords
February 14, 2019
We all know sharing passwords is unsafe. And yet, nearly every week, Biola employees log in to a coworker’s computer or email account.
Why? Because we need to get our work done. And we trust each other.
This is a security risk. Fortunately, IT has solutions.
The Bad News
Any actions taken using your account, good or bad, are your responsibility. Accounts provide accountability — they track who did what, when. Consider these situations:
- If someone knows your password, they can expose it to others. When you share it, it’s no longer in your control.
- If anyone does something negligent or malicious while logged in to your account, you will be implicated.
- If anyone does something negligent or malicious while logged in to their account, and you know their password, you will be implicated. After all, you had access.
- If an employee leaves your department, every password they had access to must be changed—a headache to manage.
The Good News
Fortunately, we can maintain accountability and share access without sharing passwords. Here are some examples:
- Delegate email access: Google mail (and other services) allows you to delegate access to other users without having to share passwords. When an employee no longer needs access, you can easily remove them.
- Share files: If you need to share documents and files, share using Google Drive. It’s secure, and it keeps track of changes made so you can revert to prior versions.
- Let multiple employees use one computer: Separate accounts can be set up on one computer, so each employee retains their own settings and permissions whenever they log in. IT can help you find the best solution for your team.
Contact the Information Security team at firstname.lastname@example.org if you need help with delegated access or reviewing your business process.