WordPress

Understanding the risks of login sharing on WordPress – Security Boulevard

Summary

While it’s a big security no-no, login sharing on WordPress happens more often than one might think. As the term suggests, login sharing is the practice of users sharing their login information with other users. In a recent survey, a whopping 49% of users admitted to sharing their business login details, with younger users (16-24 years) more carefree about sharing their login details than those in the older cohort (55+years).

While you might think that this is not happening on your …….

npressfetimg-927.png

While it’s a big security no-no, login sharing on WordPress happens more often than one might think. As the term suggests, login sharing is the practice of users sharing their login information with other users. In a recent survey, a whopping 49% of users admitted to sharing their business login details, with younger users (16-24 years) more carefree about sharing their login details than those in the older cohort (55+years).

While you might think that this is not happening on your WordPress website, many administrators tend to underestimate the scale of password sharing. Without controls in place, it can be pretty challenging to understand if anyone on your team shares their logins. People rarely admit to sharing passwords, yet login sharing is happening and can lead to many problems and WordPress security issues.

Why do users share their logins?

While there may be legitimate reasons why users may need to share login details, best practices tell us that each user should have their own account. Users share login information for several reasons. Accessing social media accounts or public-facing email addresses, where many people may need to post and do action requests, is a very common reason. Other reasons include:

Expediency: You have work to get done now. Submitting a request asking the helpdesk to create another user account would cause a delay.

Cost: As we use more cloud-based subscription services, there could be additional associated costs to adding more users. This makes login sharing particularly tempting if the need is only temporary.

Management: from the management, business and operations point of view, the fewer accounts to manage, the easier the job is.

The security problems caused by login sharing

For many, sharing their login is just another thing they do at work. Even though users share their logins without any bad intent, the practice of sharing login credentials has several associated security risks.

Credentials leakage

Giving your WordPress logins to a trusted friend or colleague may seem innocuous at first glance. However, you should ask yourself whether they will be as careful with your details as they are of their own? Also, if you are using the same password over multiple accounts; you are not only putting the shared account under threat but potentially all other accounts.

Accordingly, giving up your credentials risk your credentials leaking inside and outside the business.

Encourages use of weak passwords

Over 80% of successful hacking attempts exploit weak passwords, using brute force attacks or stolen credentials. If there is a culture of sharing passwords, these passwords will inevitably be weak and easy to remember.

Misuse of service

When it comes to WordPress security, the principle of least privilege is one of the best tools administrators can employ to maintain a high level of protection. This means that each individual’s account will have specific …….

Source: https://securityboulevard.com/2021/11/understanding-the-risks-of-login-sharing-on-wordpress/