undefined | Better HN

0 pointsamelius5y ago0 comments

I have the feeling that password sharing is only unavoidable in a company that doesn't care much about security.

Any company that takes security seriously would, I suppose, have personal passwords as a strict requirement. They wouldn't use services that can't comply with this requirement.

0 comments

3 comments · 2 top-level

gboone5y ago· 1 in thread

Not necessarily true.

In the health insurance industry, for example, many insurance portals offer one account that has to be used by a team. And, in a team scenario where all staff need access to all third party vendor accounts, it can be simpler to share the one password rather than manage 10.

For on site systems under a company's control, they can enforce the policies. But third party resources are where the limitations are. It's not the company that's minimal on security hygiene, it's the non-tech vendor in many cases.

ameliusOP5y ago

> In the health insurance industry, for example, many insurance portals offer one account that has to be used by a team.

Sorry, but are you kidding me? Do these companies pass security audits?

This only shows that security is near the bottom of the priority list for these companies, probably right above privacy.

oarsinsync5y ago

There’s also a difference between password sharing and shared secrets. Sometimes you need something that is like a password, and needs to be shared amongst a team.

One example would be an inter-company IPSec VPN PSK.

j / k navigate · click thread line to collapse