There will come a time when you will need to grant access to one of your software account login credentials.
When a new client comes to us for help with their website, we will need to access one or more of their accounts.
There can be many items that we may need access to:
- Domain registration
- Email marketing
- WordPress dashboard
- Payment process
- Premium plugin
- and so on
Knowing who to trust with your master password and when to share is one of my clients’ many worries. There are a few things to keep in mind when sharing passwords.
- First, never share passwords through email or text. These are not secure methods of communication.
- Second, use a password manager to generate and store passwords. This will help to keep your passwords safe and secure.
- Finally, make sure to use strong passwords that are difficult to guess.
There will come a time when you need to allow access to your accounts. So, how do you safely share passwords and access your accounts?
Method 1: Create a new account for the user
The safest way to share access is to give the user their own set of credentials. This approach avoids security issues that can arise from sharing one password.
With this method, you never have to give access to your master set of credentials. And you can delete the account when access is no longer needed. WordPress allows you to create a user account and can automatically notify the user by email. By setting new accounts, you choose the level of access that you feel comfortable sharing.
Hosting providers allow you to create a different type of access known as SFTP/FTP. Sharing with this method gives your support provider access without allowing full access. When sharing master credentials, make sure the password is not used for any other account.
And always change after the access is no longer required.
Method 2: Grant access through collaboration
Many software and account providers now allow you to grant users access to your accounts.
Sometimes, a person needs access, but you want to protect as much as possible on the account. Often times, that billing information.
Stripe (and PayPal) allow you to create a user account that can access the information you need without seeing all your financial data.
Granting access allows the vendor to get the information they need by having their own account. This is also helpful when you have two-factor authentication on a site.
Two-factor authentication adds another layer of security to the login, which can be cumbersome when sharing account logins. Most of the web services we now recommend to clients allow for granting access. This makes it easier and more secure.
Before sharing your master information, see if sharing access is an option.
Method 3: Use a password manager
Using a password manager is great for more than sharing passwords. Password managers allow you to generate and save strong passwords. Most also allow you to share and send your credentials to your contacts securely.
With some share options, your vendor will get a key to use instead of the credential itself. Which protects the integrity of your information,
Our favorite, Bitwarden, allows you to share, create strong passwords, and more.
My favorite is the use of biometrics to unlock the password manager, use it across all my devices, and the ability to test passwords for strength and monitor vault health reports for additional layers of protection.
Always share securely
These are three easy methods to share access to your accounts, but there will come a time when you need to send your credentials.
When that time comes, be sure to share using a service like 1ty.me or another message encryption app. Never send credentials (or other sensitive information) through email.
If you need to send master credentials, be sure it’s a unique password that is not used for any other of your accounts. When access is no longer needed. Change it.
One final piece of advice, if you don’t feel comfortable sharing – don’t. Discuss it with the person providing the help and get reassurances to keep your information safe.