The Bitwarden Blog
What is the right way to share passwords?
In our internet-connected world, sharing passwords should be safe and secure. So what is the safest way to share passwords? We’ll walk you through the most secure ways to share sensitive information and help you regain control over your digital privacy.
First, let’s quickly review some of the common ways we all might, but probably should not, share passwords…
Email: most email is not encrypted and is often saved in multiple places, so it’s best to avoid email as a password sharing mechanism
Notes Apps: most note-taking applications are not encrypted. Like email, note applications are not a secure platform for sharing sensitive information so we recommend avoiding it
Spreadsheets: spreadsheets on your computer might be convenient, but don’t necessarily sync across your devices. Cloud hosted spreadsheets solve that but leave you also in the unencrypted camp. And shared spreadsheets? That only further exposes the risk
Sticky Notes: yes they still happen. This does not provide for much resiliency or security
Text Messages: like most email, texts travel unencrypted along the way, so best to avoid this method
The ideal setup for sharing secure information is to use end-to-end encryption, which is the secure way to share passwords. This means that as soon as the first user inputs the information, like a password, it is automatically encrypted. Then as the password is shared, it remains encrypted so no other entity can view it in transit, nor can anyone see it stored within a cloud or server for syncing. The recipient, on the receiving end, will decrypt the information for use.
This is exactly the type of architecture implemented by popular password managers such as Bitwarden. Details on the Bitwarden security framework are explained in the security section of our help site.
When thinking about sharing secure information, it is common to consider the basics of sharing with a single user. The following diagram illustrates the end-to-end encryption and decryption of sharing a secure information item. However, the basic approach lacks scale. As soon as you want to share multiple passwords with multiple people, the model of sharing one-to-one gets too complex to manage.
In the context of a business, or more specifically any group of people organizing with a shared purpose, it is helpful to assemble more than a single password into a collection that can be shared with multiple users.
In this model, you begin with an organization. That could be a family, team, or enterprise. All of your colleagues become members of this organization and you can now use the best way to share passwords with a team. Everyone has a personal vault of items but then as part of the organization, everyone also has access to shared collections. Think of collections as shared folders.
Sharing collections becomes the mechanism to share more than one password with more than one user.
With the basics in place of an organization with members and one or multiple collections, you can go further and facilitate organizational sharing by group. This helps scale the balance between departments of people of access to types of business resources. For example you may have a set of collections for certain login items such as
Instead of assigning individual users to these collections, you might decide to identify departmental groups and separate those from the collections. In this case our groups might be
Information Technology (IT)
With this setup in place, you could have certain groups access only one collection, such as operations and shipping, or other groups that can access everything such as the IT group.
Please note that Groups are a feature of the Bitwarden Enterprise plan.
If you are interested in exploring organizations and collections for secure sharing, Bitwarden makes everything available to try for free forever. You can combine two free Bitwarden accounts with a free two-person, two-collection organization to see the sharing features first hand!
Editor's Note: This article was originally written on May 19, 2020 and was updated on October 3, 2022.
On this page
Back to Blog