There will come a time when you will need to grant access to one of your software account login credentials.
When a new client comes to us for help with their website we will need to access one or more of their accounts.
There can be many items that we may need access to:
- Domain registration
- Email marketing
- WordPress dashboard
- Payment process
- Premium plugin
- and so on
Knowing who to trust with your master password and when to share is one of the many worries of many of my clients. There are a few things to keep in mind when sharing passwords.
- First, never share passwords through email or text. These are not secure methods of communication.
- Second, use a password manager to generate and store passwords. This will help to keep your passwords safe and secure.
- Finally, make sure to use strong passwords that are difficult to guess.
There will come a time when you need to allow access to your accounts. So, how do you safely share passwords and access to your accounts?
Method 1: Create a new account for the user
The safest way to share access is to give the user their own set of credentials. This approach avoids security issues that can arise from sharing one password.
With this method, you never have to give access to your master set of credential. And you can delete the account when access is no longer needed. WordPress allows you to create a user account and can automatically notify the user by email. By setting new accounts, you choose the level of access that you feel comfortable sharing.
Hosting providers allow you to create a different type of access known as SFTP/FTP. Sharing with this method gives your support provider access without allowing full access. When sharing master credentials, make sure the password is not used for any other account.
And always change after the access is no longer required.
Method 2: Grant access through collaboration
Many software and account providers now allow you to grant users access to your accounts.
There are times when a person needs access but you want to protect as much as possible on the account. Often times that billing information.
Stripe (and PayPal) allow you to create a user account that can access information they need without seeing all your financial data.
Granting access allows the vendor to get the information they need by having their own account. This is also helpful when you have two-factor authentication on a site.
Two-factor authentication adds another layer of security to the login. Which can be cumbersome when sharing account logins. Most of the web services we now recommend to clients allow for granting access. This makes it easier and more secure.
Before sharing your master information see if sharing access is an option.
Method 3: Use a password manager
Using a password manager is great for more than sharing passwords. Password managers allow you to generate and save strong and passwords. Most also allow you to share and send your credentials securely to your contacts.
With the share option, your vendor will get a key to use instead of the credential itself. Which protects the integrity of your information,
Our favorite, LastPass allows you to share, create strong passwords and more.
They have a notifier to for duplicate and weak passwords. Besides sharing access, you can set parameters like expiration or revoke access when access is no longer needed.
Always share securely
These are three easy methods to share access to your accounts but there will come a time when you need to send your credentials.
When that time comes be sure to share using a service like 1ty.me or another message encryption app. Never send credentials (or other sensitive information) through email.
If you need to send master credentials, be sure it’s a unique password that is not used for any other of your accounts. When access is no longer needed. Change it.
One final piece of advice, if you don’t feel comfortable sharing – don’t. Discuss it with the person providing the help and get reassurances to keep your information safe.