Don't Share Your Password, Even with Co-Workers

If you want a co-worker to log in to your laptop or e-mail, or to access a shared folder, your calendar, phone extension, voicemail, or other online application or resource, don't share your username and password!

Instead, always use the built-in delegation or sharing function of whatever you want to share, and grant permissions to the other person. Select the other person's user name or e-mail address, and specify what permissions that user should have (such as read-only vs. edit).

But how do you do this? Well, every app requires different techniques. Delegating access to your Google-hosted mailbox is very different from sharing a Microsoft OneDrive folder, or your calendar in Microsoft Outlook. In some cases, sharing or delegation is best done by your IT support provider in the administrator's console for the relevant resource. To allow someone else log in to your laptop, you should create a new user account on the laptop for that user. If you're not sure how to do any of this, contact your IT support provider for help.

By doing it the proper way:

  • You won't have to deal with problems that arise when a second form of authentication is required (such as a confirmation prompt on your phone) for someone else to log in using your identity.
  • You retain control of your identity in relation to these resources and apps; your co-worker will access your resources using his own identity using only his user name and password. If he uses yours, think about the problems you'd face if the system decided it's time for you to change your password, and your co-worker is the one that gets that prompt!
  • You don't need to worry whether, with the password you gave him, he can access other resources of yours that you didn't intend to share, either by browsing around in the system you let him into, or by trying your password on other accounts.
  • When needed, you can remove his access without having to reset your password.
  • You foster an environment of attentiveness to information security in your organization.

For more information, use these links: