Dangers of storing and sharing passwords in plaintext
March 6, 2020 / Knowledge

One of your co-workers keeps all the passwords in an Excel sheet? Another – in a Word document? And you’re somewhere in between, questioning the safety of such practices?

Well, 40% of all organizations store their passwords in spreadsheets in a fully readable format. And this puts their sensitive data at serious risk.

So why is storing and sharing passwords in plain text dangerous?

Let’s clear things up.

What is a plain text password?

A plain text password (or Plaintext, or Plain-text) is a password written (and sent) in a clear, readable format. Such a password is not encrypted and can be easily read by other humans and machines.

And, I repeat, 40% of organizations keep their passwords in plain text.

We see this negligence in so many companies, even well-known ones, that store their users’ data in a form readable to others (as in the Facebook case), and in data breaches that happen because of unprotected passwords in clear text (as in the T-Mobile Austria case).

Well, someone has to start educating.

Risks of storing and sharing passwords in plaintext

Anyone can read it.

Let’s start with the obvious. If you store a password in clear, readable text, anyone who has (un)authorized access to your account or device can read it. And if that person is a hacker who has just broken into the database, your sensitive data now belongs to him.

It’s an easy win.

Sharing passwords in plaintext via email comes with a price. Usually the price is a man-in-the-middle attack. It happens when data travels from a sender’s device to a receiver’s device and, in between them, the attacker gathers all the shared information, including unencrypted passwords.

A hacker wouldn’t get anything if the password were encrypted while being shared.

Fewer guesses for a hacker.

65% of Internet users reuse their passwords and put their data at extreme risk – many accounts get hacked due to a single compromised readable password. Want to know why so many accounts get hacked at once? Well, it’s easy for a hacker to try that nice readable password he just got on other popular platforms as well.

Private data belongs to you

Your private data belongs to you. Not to all those companies who store your passwords in plain text and put you at risk, every day. Still hard to believe it exists in the 21st century? Check some user-generated evidence here.

Solutions for securely storing and sharing passwords

First and foremost, make sure that storing and sharing passwords in plain text is no longer your (and your colleagues’) habit. Instead, build some new ones!

  • For storing passwords, forget all those sheets, notepads and sticky notes – use encrypted password storage. With it, none of your data is stored or sent in a readable format, so hackers have no way to read it.
  • For sharing passwords, emails, Slack and social media chats are no longer an option – there is a secure way to share them. By implementing it, your shared data cannot be compromised either during the sharing process or after the receiver gets it.
  • For the sake of privacy, never ever reuse passwords. This way, even if a random account gets compromised (due to negligence of some company), none of your other sensitive data becomes vulnerable.
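
Before moving a team off spreadsheets, it helps to measure how exposed the existing sheet is. The following Python audit is an added example, not part of the original article: it counts readable password cells in a CSV export and groups accounts that share a password, comparing keyed fingerprints so the report never repeats a password. The column-name heuristic, the `service`/`username` column layout and the sample sheet are assumptions constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import re
import secrets
from collections import defaultdict

# Column names that usually hold credentials (assumed heuristic, extend as needed).
SECRET_COLUMNS = re.compile(r"pass(word|wd|phrase)?|pwd|secret|pin", re.I)

# Constructed sample of a shared credentials sheet exported as CSV.
SAMPLE_SHEET = """service,username,Password,notes
mail,alice,Summer2020!,shared with Bob
crm,alice,Summer2020!,
vpn,bob,t7#Qz!p0Lr,rotated in March
wiki,carol,Summer2020!,
billing,carol,,SSO only
"""

def audit_sheet(csv_text, key=None):
    """Return (plaintext_cells, reuse_groups) for a CSV credentials sheet.

    Passwords are compared through a keyed HMAC fingerprint, so the
    report itself never contains a readable password.
    """
    key = key or secrets.token_bytes(32)  # throwaway key, lives only for this run
    reader = csv.DictReader(io.StringIO(csv_text))
    secret_cols = [c for c in reader.fieldnames if SECRET_COLUMNS.fullmatch(c.strip())]
    plaintext_cells = 0
    seen = defaultdict(list)  # fingerprint -> [(service, username), ...]
    for row in reader:
        for col in secret_cols:
            value = (row[col] or "").strip()
            if not value:
                continue  # empty cell: nothing readable stored here
            plaintext_cells += 1
            tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
            seen[tag].append((row.get("service", "?"), row.get("username", "?")))
    # One leaked password exposes every account in the same group.
    groups = [accounts for accounts in seen.values() if len(accounts) > 1]
    return plaintext_cells, sorted(groups, key=len, reverse=True)

if __name__ == "__main__":
    cells, groups = audit_sheet(SAMPLE_SHEET)
    print(f"{cells} readable password cells found")
    for accounts in groups:
        print("same password on:", ", ".join(f"{s}/{u}" for s, u in accounts))
```

Every cell it counts is a password that has to be rotated once it has been moved into encrypted storage, since the sheet may already have been copied or emailed.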

In the end, even if we can’t do anything to prevent other companies from carelessly storing our data in a readable format, we ourselves can do our homework and minimize the risks by implementing secure password storing and sharing practices.

Looking for a secure environment for storing and sharing passwords?

Try out PassCamp, an encrypted password manager, designed for your ultimate data security.