The Bitwarden Blog

What is the right way to share passwords?

authored by:Gary Orenstein
Link Copied!
  1. Blog
  2. What is the right way to share passwords?

What is the right way to share passwords?

In our internet-connected world, sharing passwords should be safe and secure. So what is the safest way to share passwords?  We’ll walk you through the most secure ways to share sensitive information and help you regain control over your digital privacy.

How not to share passwords

First, let’s quickly review some of the common ways we all might, but probably should not, share passwords…

  • Email: most email is not encrypted and is often saved in multiple places, so it’s best to avoid email as a password sharing mechanism

  • Notes Apps: most note-taking applications are not encrypted. Like email, note applications are not a secure platform for sharing sensitive information so we recommend avoiding it

  • Spreadsheets: spreadsheets on your computer might be convenient, but don’t necessarily sync across your devices. Cloud hosted spreadsheets solve that but leave you also in the unencrypted camp. And shared spreadsheets? That only further exposes the risk

  • Sticky Notes: yes they still happen. This does not provide for much resiliency or security

  • Text Messages: like most email, texts travel unencrypted along the way, so best to avoid this method

What you need to share passwords safely

The ideal setup for sharing secure information is to use end-to-end encryption, which is the secure way to share passwords. This means that as soon as the first user inputs the information, like a password, it is automatically encrypted. Then as the password is shared, it remains encrypted so no other entity can view it in transit, nor can anyone see it stored within a cloud or server for syncing. The recipient, on the receiving end, will decrypt the information for use.

This is exactly the type of architecture implemented by popular password managers such as Bitwarden. Details on the Bitwarden security framework are explained in the security section of our help site.

When thinking about sharing secure information, it is common to consider the basics of sharing with a single user. The following diagram illustrates the end-to-end encryption and decryption of sharing a secure information item. However, the basic approach lacks scale. As soon as you want to share multiple passwords with multiple people, the model of sharing one-to-one gets too complex to manage.

Basic approach of secure sharing with end-to-end encryption diagram

Sharing secure information in collections

In the context of a business, or more specifically any group of people organizing with a shared purpose, it is helpful to assemble more than a single password into a collection that can be shared with multiple users.

In this model, you begin with an organization. That could be a family, team, or enterprise. All of your colleagues become members of this organization and you can now use the best way to share passwords with a team. Everyone has a personal vault of items but then as part of the organization, everyone also has access to shared collections. Think of collections as shared folders.

Sharing collections becomes the mechanism to share more than one password with more than one user.

Sharing with collections at scale within an organization

Scaling secure sharing with groups

With the basics in place of an organization with members and one or multiple collections, you can go further and facilitate organizational sharing by group. This helps scale the balance between departments of people of access to types of business resources. For example you may have a set of collections for certain login items such as

  • Shipping profiles

  • Design services

  • Systems logins

Instead of assigning individual users to these collections, you might decide to identify departmental groups and separate those from the collections. In this case our groups might be

  • Operations

  • Marketing

  • Information Technology (IT)

With this setup in place, you could have certain groups access only one collection, such as operations and shipping, or other groups that can access everything such as the IT group.

Secure scalable sharing with groups and collections

Please note that Groups are a feature of the Bitwarden Enterprise plan.

Getting started with organizations and collections

If you are interested in exploring organizations and collections for secure sharing, Bitwarden makes everything available to try for free forever. You can combine two free Bitwarden accounts with a free two-person, two-collection organization to see the sharing features first hand!

See Getting Started with Bitwarden Organizations for more detailed explanations or sign up directly for your free two-person organization here.

451 Research 2022 Enterprise Password Management Report

Ready to try out Bitwarden today? Quickly sign up for a free Bitwarden account, or register for a 7-day free trial of our business plans so your business and team can stay safe online.

Editor's Note: This article was originally written on May 19, 2020 and was updated on October 3, 2022.

Secure SharingSecurity Tips
Link Copied!
Back to Blog

Get started with Bitwarden today.

Create your free account

© 2024 Bitwarden, Inc. Terms Privacy Cookie Settings Sitemap

This site is available in English.
Go to EnglishStay Here