Sharing User IDs and Passwords

Answered by:

Question:

Is sharing a user ID and password (provided by a service provider) acceptable for commercial and subscription-based applications? Sharing of user-level access is generally prohibited within the corporate and other secured environment.

Answer:

It is never a good idea to share user IDs and passwords. If the access provided by an ID/password combination is to confidential information or to the ability to add to or edit existing confidential information, there are reasons that IDs and passwords are issued on a restricted, non-shared basis. In particular, proper use of ID/password combinations by only the individuals to whom they are assigned can help control levels of access on a need to know basis. It can also provide accountability when errors are made or data is compromised. Records of who accessed a system can help determine who, when and where mistakes were made.

User IDs and passwords can also help control access to proprietary information to which access is sold. For example, access to an archive copy of copyrighted webinar recordings can be sold on a subscription or other basis; unauthorized sharing of the ID/password combination would be a form of theft.

First published on BankersOnline.com 10/11/10

Sharing User IDs and Passwords

Related Q&As

This Week's Featured BOL Technology Guru QuestionMonitoring an Online Banking Web Site

How Do Customers Use Online Banking?

Application Service Providers

Related Tools View All

Website Checklist

Information Security Access Assessment

Reg E Calculator & Liability Calculation Tool

OFAC Updates View All

Sanctions List Search

Specially Designated Nationals List (SDN)

Sanctions Programs and Information

Search Topics