How to Safely Share Passwords With Friends and Family
We’ve all been told countless times to never share your passwords . Not even with your nearest and dearest. This is excellent advice, but it’s not always practical. That’s why we’ll be showing you how to share your passwords while keeping your accounts secure.
As a word of caution, sharing your account details is generally a bad idea. What starts off as a declaration of trust can quickly lead to security issues, secrets being shared publicly, and hijacking of your accounts when a relationship turns sour .
But this isn’t the only issue. If you share your Facebook password with your partner, or your email password with your spouse, you are betraying the trust of everyone you correspond with. Private messaging via email, WhatsApp, and through social media platforms is built on the trust that only the recipient reads the messages. By giving other people access to these private messages, you are violating the trust of those who believe those messages are only read by you.
Enough with the downsides of password sharing, though. We all know the score. What about those times when you will be sharing your password?
When You Might Want to Share Your Password
There are a few situations where you may feel it necessary or desirable to share your passwords including:
- Paying household bills
- Sharing music and video streaming services like Netflix, Spotify, and Hulu with your family
- Sharing Wi-Fi passwords with your housemates
- Sharing cloud storage accounts like OneDrive, Google Drive, or Dropbox, with your other half
- Having access to your children’s social profiles
- Having clients send you FTP, SSH, and MySQL passwords
In some of these situations, people have become used to writing passwords in a notebook. Other times, people are sending their passwords via email.
Neither of these options are secure. Especially if your username and password are displayed together. Notebooks can be accessed by anyone who rifles through your home. Emails are not encrypted, and are sent through multiple servers where the messages could be intercepted.
What should you do instead?
First, Protect Yourself
Before you share any passwords, you should protect yourself. Almost all of your accounts will be linked to one of your email addresses. If you lose your password, you can usually request a password reset link to be sent to that email address. This means that even if someone gets hold of your Amazon password, you still have the power to change that password.
But if the “intruder” also has access to that email account, they have all the access they need to completely hijack your account. So to protect yourself, follow these two pieces of advice.
Have a Master Email Account
It’s extremely important to have at least one email account (your “master account”) to which your online accounts are linked, which only you have the password to. This protects you in case a relationship turns sour. It also makes you less susceptible to identity theft. The credentials to this account should not be shared with anyone!
Set Up Two-Factor Authentication
To make your master account (and any other accounts) even more secure, set up two-factor authentication (2FA) where possible. 2FA is an extra layer of security where ultimate control over your account is linked to at least two things. This is usually one thing memorized (your password), and one other thing that only you could have access to.
For many accounts this will be a security code sent to your cellphone (for banks, these security codes are usually generated by a card reader). Where possible, you should set this up. This ensures that even if someone gains access to your master email account, you can still regain control of your accounts by requesting (usually) a security code that will be sent to your cell phone.
Now you’ve protected yourself with one or both of these steps, let’s look at how you can share your passwords more securely.
Share Passwords Via Email (Security: 7/10)
One decent (but not perfect) option is to send an email with the password attached within an encrypted, password-protected file. This is easily done.
First, both you and the recipient should download and install either 7-Zip (free on Windows) or iZip (free on Mac). Both of these programs support AES encryption. To encrypt and decrypt the file, both you and the recipient must have a program that supports this form of encryption.
For Windows Users
Step 1: Download and install 7-Zip.
Step 2: Type only your password into a text file (you can use Notepad for this), and save the file to your Desktop.
Step 3: Right click the file > select 7-Zip > click Add to Archive.
Step 4: In the window that appears, Archive Format should be ZIP. Encryption Method should be AES-256. Now you can enter your password, and click OK. Save the zip file to your desktop.
Step 5: Attach the new zip file to an email, and send this to your recipient. An even more secure (but optional) choice is to send the password-protected file through Sendinc (both the sender and recipient will need an account). This is a cloud-based service that allows you to send up to 20-messages per day for free (premium options are available). Each email is protected with “military grade encryption”, and is destroyed after seven days.
Step 6: Tell the recipient how to figure out the password over the phone, or via a secure private messaging program , such as Skype-to-Skype instant messages. This should be something only both of you know. This could be a combination of birthdays, social security number, etc.
Step 7: Once the recipient downloads the file, they simply have to right-click the file, choose Extract then enter the password.
For Mac Users
Step 1: Download and install iZip.
Step 2: Type only your password into a text file, and save the file to your Desktop.
Step 3: When you open iZip, click Create Archive. Choose a name for this archive, and click Create, then click Next.
Step 4: Select Enable Password Protection, then enter your chosen password, and click Next.
Step 5: On the Encryption window, select the AES-256 option, then click Next.
Step 6: Drag and drop the text file containing your password onto the iZip window, and click Next. The password-protected zip file will now be saved to your Desktop.
Step 7: Attach the new zip file to an email, and send this to your recipient. As mentioned in the last section, an even more secure option is to send the password-protected file through Sendinc (both the sender and recipient will need an account).
Step 8: Tell the recipient how to figure out the password over the phone, or via an encrypted private messaging program, such as Skype-to-Skype instant messages. This should be something only both of you know. This could be a combination of birthdays, social security number, etc.
Step 9: Once the recipient downloads the file, they simply have to right-click the file, choose Extract then enter the password.
Using a Password Management Service (Security: 9/10)
There are several password management services that offer password-sharing features. These include LastPass, PassPack, and 1Password (Mac only). The instructions below are for sharing passwords using LastPass.
LastPass is the most reputable service that allows you to share your passwords without the recipient ever seeing those passwords. This is by far the best option, though it does require you and the recipient to have a free LastPass account. If you’d also like to sync your passwords to your smartphone , you’ll have to pay for a Premium account.
The password sharing features offered by many other services simply store your passwords securely, while allowing your chosen family or friends to also access some of those passwords.
To share a password with a friend or family member with LastPass, follow these steps.
Step 1: Sign up for a free LastPass account. When prompted, download the LastPass software. Both you and the recipient must be LastPass users; so both of you should follow these first few steps before sharing any passwords.
Step 2: When installing the software, you will be asked if you want to install LastPass to your browser. Select which browser(s) you would like to install LastPass to.
Step 3: When the installation is complete, reopen your browser. You’ll be prompted to log in to LastPass. When you’ve logged in, the LastPass icon will be to the right of your URL bar. Click this, then click My LastPass Vault.
Step 4: Your LastPass vault is where the passwords for your various online accounts will be stored. Go ahead and click the Add Site button, in the bottom right of the screen. A popup window will appear. This is where you add the relevant details for the account you want LastPass to store. In this case, add the account that you want to share, and click Save.
Step 5: The account you just added is now in your LastPass Vault. To share that account, click on the share button, as shown below. In the popup, enter the email address of the person you want to share the account with. DO NOT select the Allow Recipient to View Password box, unless you specifically want them to see your password. Click Share.
Step 6: If, as mentioned earlier, if the recipient has a LastPass account, the account you just shared will now be accessible to them. If they do not yet have an account, LastPass will alert you, and you can send them an email invite. Try this step again when their account is active.
Step 7: Repeat step 4 to add any other accounts you want LastPass to store securely. Repeat step 5 to share any of those accounts.
To disable the recipient’s access to any of your accounts, go to Sharing Center > Shared With Others, then click the “X” next to the relevant account to remove the relevant permissions.
From The Recipient’s Side
When you share a password with another LastPass member, they must click to accept this “confidential information” in their account. Then, when they visit the relevant site, they simply click the LastPass icon on the sign-in form and select the account that’s been shared with them. The username and password will be entered automatically, as shown below.
If the recipient tries to copy and paste your password so they can see it, this will not be possible provided you did not select the Allow Recipient to View Password during the sharing process.
A Word of Caution
There is no 100% safe way to share passwords. When you share passwords in an encrypted file, there’s always the small possibility the file could be compromised. When you share via a password sharing service like LastPass, if your LastPass account is hacked, much of your sensitive information could be in the wrong hands. That’s why it’s especially important to have a truly strong master password that nobody else knows. And to set up two-factor authentication where possible.
If you fall out with someone, revoke his or her access to your accounts immediately. And if they knew any of your passwords, change these to something secure. Sharing online banking login information is never recommended. If you really do need to share bank accounts, set up a joint account with your bank so you can both have individual access.
Whatever passwords and online accounts you do share though, be aware of the risks involved, do so sensibly, and use services that you trust.
If you’ve previously shared passwords via email, has this article made you think twice?