“Alice sends the message by encrypting it with Bob’s private key”
- from Microsoft Official Curriculum training material for Windows Server 2003.
Because of this one sentence, we know that Alice and Bob share a less-than-casual relationship, and could send secret messages to one another in pillow talk at night, without needing cryptography.
But seriously, sharing your passwords with other people is truly a bad idea.
Way back when, I was asked to find out who was causing the SQL Server to fail over to its secondary server. [Jargon translation: Something somewhat bad, but not fatal, was happening, and I had to find out who did it, so as to stop it from happening]
I found out who was causing it, and reported back: It’s this guy called “SQLAdmin”.
Yes, a shared account, with shared passwords. So the re-education camp trip was applied to the whole team.
Not really, but the team did have some questions to answer as a whole, where it would have been far easier to just address the one person responsible.
If things get more serious – an example would be an investigation into fraud, for instance, you don’t want to be put in the position of having to demonstrate that you aren’t actually the only one who uses your account, so that you can clear your name.
But what about convenience?
It honestly isn’t worth it. You may think it’s awfully clever to give your sec^H^H^Hexecutive assistant your password so that they can access your files, but it’s actually far easier just to open those files up for access, or have the IT department do it for you.
No, your password is yours and yours alone, with one shining exception that I’ll get to later this week.