About 20% of our clients request that employees use a specific password for their computer/email or that they let managers know what their passwords are and they keep a list of employee passwords. The reasons for this seem logical – managers want quick access to their employees emails or files when they are out of the office. But the effects of this type of policy can be harmful to the health of your business.
Here are 5 more reasons why you shouldn’t know employee passwords:
- So you have your employees computer password. What is keeping them from changing it just after they give it to you? Would you fire them for not keeping you updated with the correct password? Do you need one more thing to worry about and manage? What if you lost or someone stole the list from you? Chances are that you have more important things to worry about with your employees.
- With most companies that have this policy, employees are LESS concerned about selecting a secure password and will often use passwords which can easily be guessed – like ‘12345’. This really puts your organization at risk from hackers and other people who would seek to exploit this weakness and gain access to those systems.
- It does not hold employees accountable. If you have common passwords, or even a list, you cannot guarantee that an employe is the only person with access to their files/email. What if someone used a known password to gain access to your email box and sent a threatening email to your largest customer? You would have no way of knowing who actually sent that email and the outcome would be very frustrating.
- It is very easy for system administrators to reset passwords. If you do need access to their computer account, it is very easy to change the password. This also lets them know that someone needed that access.
- If you need access to their information, chances are that it can be “shared” with you and you can access it with your own password. Setup email delegation for access to their email.
Within your employee handbook, you should have a technology section. Within that section, you should have a specific policy on passwords that should include:
- Employee passwords should meet complexity requirements
- Passwords should be private and not shared with anyone
- Employees are responsible for keeping their passwords safe and secure.
Please give us a call if we can help you review and revise your password policy.