Understanding How People Share Passwords

Many systems are built around the assumption that one account corresponds to one user. Likewise, password creation and management is often studied in the context of single-user accounts. However, account and credential sharing is commonplace, and password generation has not been thoroughly investigated in accounts shared among multiple users. We examine account sharing behaviors, as well as strategies and motivations for creating shared passwords, through a census-representative survey of U.S. users (n = 300). We found that password creation for shared accounts tends to be an individual, rather than collaborative, process. While users tend to have broadly similar password creation strategies and goals for both their personal and shared accounts, they sometimes make security concessions in order to improve password usability and account accessibility in shared accounts. Password reuse is common among accounts collectively shared within a group, and almost a third of our participants either directly reuse or reuse a variant of a personal account password on a shared account. Based on our findings, we make recommendations for developers to facilitate safe sharing practices.