Our Blog

Password Sharing

By: | Tags: | Comments: 0 | January 19th, 2018

I’ve found a new hobby. I’ve started stopping my car in the street, getting out and letting some random person jump in the driving seat and drive off. It’s brilliant because you never know who’ll get in the car, what they’ll do once they’re in the car, how many penalty points they’ll accumulate and what damage they might cause. I’m well aware when I allow this to happen that I’ll be responsible for anything they do but I do it anyway.

As you can probably tell I’m being facetious. Much like sharing passwords, this is clearly a bad idea and with the same sentiment why would you hand over your password to anyone? Why would you let them take charge of your digital footprint as if they were you?

Permissions and delegated access are there to allow the correct staff to the correct content. it may be frustrating to go through the correct channels to ensure the right staff have the right access levels but it’s essential. Password sharing is not delegation, its stupidity and laziness. It seems that there are some who think their position or standing in their organisation entitles them to legitimately share their passwords with their staff and colleagues without having the consequences to deal with. They fail to realise that the excuse of “It wasn’t me it was my staff” won’t be a valid one. They fail to understand that if their login is used they’re responsible for the actions taken. When it comes to auditing it’s accepted that the actions taken by an authenticated user are the actions of that user and it’s nigh impossible to prove otherwise.

There have been some recent high profile instances where the defence has been that of shared passwords. What do they think user authentication is for if not for accountability? It’s not just an additional barrier the pesky IT department put in place to slow you down. It’s an essential aspect of information governance. We have it drummed into us as NHS employees regardless of being band 1 or band 9 when we do our IG training that passwords must not be shared. It leaves me dumbfounded that sensible intelligent people think sharing passwords is ok to do.

The inventions of other forms of authentication are becoming more prevalent but many of these are still in their infancy and still require a password alongside them. Even giants of technology such as Apple have been incapable of producing a fool proof alternative to passwords. This has been proven recently with their face unlock feature which could be unlocked by a surprising number 3rd parties. Passwords for the time being are here to stay and certainly here to stay in the NHS.

Alex Cole

LHIS Cyber Security Technician 

Leave a Reply