If I have the password to an account, I am a single point of failure for access to that account.
If I share that password with other people, I am no longer a single point of failure. However, if one of those people stops being a ‘responsible person’ and leaves the role, they still have the password.
When you then change the password, that can have a knock-on effect:
- Everyone needs to be updated with the password
- If an autonomous system relied on the password (not that common these days, though), that system needs maintenance or it’ll break
- You’re trusting everyone to remember the password; storing it, noting it down or writing it in various places then introduces security risks.
This is where a password manager comes in. LastPass, for example, can give you access to a password without you knowing what it is (at least to my understanding), and it can log you into the system. It can share that password with people, and it can revoke that access, all without changing the main password.
It’s also possible that the shared password mechanism of LastPass is better than the alternative. Say we configure Twitter to allow a person’s account to access a ‘company account’: we’re then relying on that person’s account to have a secure password and perhaps two-factor authentication. Using LastPass, we’re not relying on their account, and we’re giving them the same access.
It then becomes a matter of secure convenience. When you start using systems where you’re sharing passwords around to get into something, as opposed to giving access via permissions on accounts, you encounter these hiccups, and they can stop things.