PersonalBusinessDownloadPricingHelpBlogContact
Get Started
Log In
PersonalBusinessDownloadPricingHelpBlogContactBusiness SalesGet StartedLog In

The Bitwarden Blog

What is the right way to share passwords?

authored by:

Gary Orenstein

posted on:

May 19, 2020

hashtagWhat is the right way to share passwords?

In our internet-connected world, sharing passwords should be safe and secure. So what are the best ways to share passwords? We’ll walk you through the most secure ways to share sensitive information and help you regain control over your digital privacy.

hashtagHow not to share passwords

First, let’s quickly review some of the common ways we all might, but probably should not, share passwords…

  • Email: most email is not encrypted and is often saved in multiple places, so it’s best to avoid email as a password sharing mechanism

  • Notes Apps: most note-taking applications are not encrypted. Like email, note applications are not a secure platform for sharing sensitive information so we recommend avoiding it

  • Spreadsheets: spreadsheets on your computer might be convenient, but don’t necessarily sync across your devices. Cloud hosted spreadsheets solve that but leave you also in the unencrypted camp. And shared spreadsheets? That only further exposes the risk

  • Sticky Notes: yes they still happen. This does not provide for much resiliency or security

  • Text Messages: like most email, texts travel unencrypted along the way, so best to avoid this method

hashtagWhat you need to share passwords safely

The ideal setup for sharing secure information is to use end-to-end encryption. This means that as soon as the first user inputs the information, like a password, it is automatically encrypted. Then as the password is shared, it remains encrypted so no other entity can view it in transit, nor can anyone see it stored within a cloud or server for syncing. The recipient, on the receiving end, will decrypt the information for use.

This is exactly the type of architecture implemented by popular password managers such as Bitwarden. Details on the Bitwarden security framework are explained in the security section of our help site.

When thinking about sharing secure information, it is common to consider the basics of sharing with a single user. The following diagram illustrates the end-to-end encryption and decryption of sharing a secure information item. However the basic approach lacks scale. As soon as you want to share multiple passwords with multiple people, the model of sharing one-to-one gets too complex to manage.

sharing-basic

Basic approach of secure sharing with end-to-end encryption

hashtagSharing secure information in collections

In the context of a business, or more specifically any group of people organizing with a shared purpose, it is helpful to assemble more than a single password into a collection that can be shared with multiple users.

In this model, you begin with an organization. That could be a family, team, or enterprise. All of your colleagues become members of this organization. Everyone has a personal vault of items but then as part of the organization, everyone also has access to shared collections. Think of collections as shared folders.

Sharing collections becomes the mechanism to share more than one password with more than one user.

sharing-collections

Sharing with collections at scale within an organization

hashtagScaling secure sharing with groups

With the basics in place of an organization with members and one or multiple collections, you can go further and facilitate organizational sharing by group. This helps scale the balance between departments of people of access to types of business resources. For example you may have a set of collections for certain login items such as

  • Shipping profiles
  • Design services
  • Systems logins

Instead of assigning individual users to these collections, you might decide to identify departmental groups and separate those from the collections. In this case our groups might be

  • Operations
  • Marketing
  • Information Technology (IT)

With this setup in place, you could have certain groups access only one collection, such as operations and shipping, or other groups that can access everything such as the IT group.

sharing-groups-collections

Secure scalable sharing with groups and collections

Please note that Groups are a feature of the Bitwarden Enterprise plan.

hashtagGetting started with organizations and collections

If you are interested in exploring organizations and collections for secure sharing, Bitwarden makes everything available to try for free forever. You can combine two free Bitwarden accounts with a free two-person, two-collection organization to see the sharing features first hand!

See Getting Started with Bitwarden Organizations for more detailed explanations or sign up directly for your free two-person organization here.

Downdload this 2022 password managerment report by 451 Research

On this page

Back to Blog

Get started with Bitwarden today.

Create Your Free Account
Language

Products

Resources

  • Resource Center
  • Community Forums
  • Security Compliance
  • Success Stories
  • User Reviews
  • Newsfeed
  • Subscribe to Updates
©2022 Bitwarden, Inc.
Terms Privacy Sitemap