Despite the fact that it’s not a very good idea, people share passwords a lot. Streaming service credentials? Yup, people pass those around quite a bit. And at work, people frequently share login information for shared services — also not a super-great idea. When people do this, they usually share said PWs via an insecure format — typically through email, Slack, an Excel sheet or Word Doc, or some other platform or medium that could potentially be compromised.
Well, a new service offered by password manager 1Password now helps you share your login credentials securely — or, at least, more securely than you would have been sharing them before.
The new feature is appropriately called PSST, an acronym that stands for Password Secure Sharing Tool. PSST generates a secure link that can be used to share information directly from your 1Password account with anybody — even if they don’t have an account with the company. The links are customisable — meaning you can choose who has access to the link and how long it will be available. For instance, the company says you can set a link to expire after a day, an hour, or “1 view,” — or you can prolong its duration for up to a month. If you don’t set an expiration date, the link will automatically expire in seven days. Similarly, the link can be customised so that only people with specific permission have access to it. If this is the case, a user will be prompted to enter their email address — and will subsequently be sent a one-time verification code, which allows them to access the link and view the shared information.
“We know that at home and at work, people are sharing secrets like passwords and API keys through insecure methods. 76 per cent of families reported sharing passwords insecurely by writing them down or sharing them in a chat or spreadsheet, for example,” said Akshay Bhargava, 1Password’s Chief Product Officer. “According to 1Password research, 48% of companies use a shared document or spreadsheet to store and manage enterprise secrets. 59% of workers share secrets over email. 81% of IT and DevOps workers (VP and above) reuse secrets between projects.”
Yeah, that’s a lot. For people who are 1Password users, the company has provided a step-by-step rundown of how to enable its new feature. It’s pretty straightforward and easy to use, so I suggest you check it out if you’re guilty of reckless password sharing. (You are.)