Never Tell Anyone Your Password, Even IT Staff


Sharing the passwords for your various accounts may seem harmless, but it’s a major security risk and should never happen, much like using the same password on multiple accounts.

But why is it a security risk? Surely, as long as you share it with someone trustworthy, like a friend or IT professional, it shouldn’t be a big deal, right?

The problem isn’t whether the person you are sharing it with is trustworthy; it’s how you shared it and who else could steal it without your knowledge or consent.

And yes, even though your organization hires IT professionals to safeguard your network, there’s always the possibility — even if it is unlikely — that someone steals it from them.

IT Staff Never Need to Know Your Password

There is no reason for an IT professional to know your password. Most IT support issues can be resolved remotely without anyone knowing your password.

Not only does an IT professional never need to know your password, but an IT professional should never want to know your password.

If an IT professional knew your password and there was an attack, the “leak” could be traced back to that IT professional.

No IT professional wants to be accused or even have the possibility of being accused of acting as you. So, the safest way to avoid any accusations is to never ask for your password.

Hackers Will Pretend to Be IT Staff

Another reason you shouldn’t share your password with IT professionals is that hackers will pretend to be your IT professional to get your sensitive data.

In a common phishing attack, hackers send out emails pretending to be your IT staff, telling you they need to access your account to fix an issue or update software.

They weaponize the trust you have in your IT team to get you to hand over personal information or passwords.

All it takes is one employee responding to a “legitimate” email or phone call and handing over a password to an attacker, and your entire network is compromised.

Be skeptical of messages from your IT staff that ask for your password.

Even if You Know Them, Don’t Share Passwords

You may be tempted to share passwords with friends, colleagues or IT staff if you personally know them. If you are comfortable with them and know they are looking out for you and your best interests, they would never use that against you, right?

As noted earlier, the trustworthiness of a person isn’t the issue; the issue is creating more entry points for attackers to access your network.

A password is like your house key. If you share that password with someone else, even an IT professional, you are essentially making a copy of your house key and handing it over to someone else.

Even though that friend or IT professional has no intention of breaking into your house, they could misplace that key, and then a hacker has access to your house.

As a general rule, IT professionals will not ask for your password. If you think an email or phone call is suspicious, ignore it or hang up, and contact your IT staff or managed service provider directly.

Remember, scammers contact you first. So, if the first correspondence you have with your IT staff or MSP is asking for a password, that should raise some red flags.
