Sharing passwords with coworkers is a necessary practice in many businesses, allowing teams to collaborate seamlessly and access shared resources. Small businesses in particular are always on the lookout for cheaper, simpler ways to handle password sharing.
MacOS Sonoma and iOS 17 introduced the ability to create groups of passwords and share them with trusted users, rather than sharing passwords or passkeys one by one. Apple intends this feature for family, friends, or other close contacts.
You control who to add to password groups you create. People you add can in turn add or remove their passwords from the group.
If your contact uses a different operating system or older versions of MacOS, they won't be able to take advantage of this feature.
In this article, we'll explore password groups in MacOS Sonoma, and see if it's a good solution for businesses. We will also compare it to the alternative option of using password managers, which are specifically designed to address the business needs of securely sharing passwords.
Here are 5 key takeaways from the article:
Group Password Sharing: MacOS Sonoma introduces sharing passwords by group, allowing multiple users to access the same bucket of passwords. It's intended to simplify password sharing for families and friends.
Compatibility: To utilize the group password sharing feature, all users involved must have MacOS with Sonoma or later, or iOS 17 or later. If your organization is married to the Apple ecosystem this may be just fine, but mixed-platform environments will struggle.
Security Considerations: While passwords in the keychain are end-to-end encrypted, the password-sharing feature relies on the user's iCloud account which is intended for personal use. Password managers allow an admin to enforce security policies like 2FA, massively reducing the risk that an employee will be a point of failure for the business.
Business Use and Scalability: For businesses, especially those with larger teams or complex password-sharing requirements, password managers offer greater flexibility and scalability. They allow for customized access controls, comprehensive user management, and centralized administration, making them more suitable for organizations with evolving needs.
What are Keychain Shared Password Groups?
MacOS Sonoma and iOS 17 introduced the ability to share passwords to a group, and then share that group with other iCloud users in your contact list. Passwords stay up to date for all users, and you can remove anyone from the group at any time.
This feature leads to an obvious question:
Can I share passwords with coworkers using keychain password groups?
If your coworker has an iCloud account and they're in your contacts, then yes, you can share passwords with them through Apple's password groups.
There are pros and cons to doing so, however.
- Free: As long as everyone has an updated Apple device, you can create and share create and share groups of passwords at no additional cost.
- More secure than emails and spreadsheets: If it's between this and a spreadsheet or email list, Apple's end-to-end encryption on passwords in the iCloud keychain is certainly a better choice.
- Vendor-locked: Users on Windows or Android cannot participate. If you're relying on iCloud Keychain for business needs, some users will end up stranded.
- No admin controls: You can't require the people you share passwords with to implement 2FA, use secure PINs or passcodes, or handle their devices securely. You don't have activity reports to see who is using what passwords when, and if any suspicious activity is happening. Password managers, on the other hand, allow administrators to enforce additional security measures and monitor activity.
- Clunky group sharing: Ultimately, Apple's password sharing is made for individual use. The Sonoma group feature makes it easier to create a shared pool of passwords for family and friends, but without an Admin privilege level or the ability to add multiple admins to a group, it's impossible to keep track of who has access to what.
Apple's group password sharing is a great feature, but it should be reserved for its intended purpose: personal use. It lacks security controls, requires iCloud accounts and Apple devices, and becomes unwieldy when storing a large number of passwords across multiple groups. The creator of each group controls who is added to and removed from each group. If you want to hand off this responsibility to an admin, you're out of luck.
Password groups are meant for fairly basic password sharing. Other types of credentials rely on the notes field.
Is it safe to share passwords with coworkers on Mac?
Passwords in the iCloud Keychain are end-to-end encrypted, meaning only you can access your passwords on a trusted device where you've signed into your iCloud account. The encryption is done with AES 256-bit encryption, an industry standard. For personal use, Apple's group password sharing is plenty safe.
Does that mean you should use it with coworkers? No. Trying to use a product that was intended for individual use in a team setting creates a few issues.
First, there is no activity monitoring or ability to enforce additional security measures. You can't see if a record is opened at a suspicious time of day. You can't enforce 2FA or secure device passwords,
Second, vendor-locked software encourages bad security habits.
Let's say you have a MacBook that your company provided. Your team uses iCloud Keychain groups to share passwords. However, work doesn't provide a phone and you have an Android. So you copy the passwords from the keychain and email them to yourself so you'll never get locked out. All that AES 256-bit encryption is essentially pointless.
Alternatives to Keychain Password Groups
Several reputable password managers in the market offer team-oriented features. These tools provide a secure and centralized platform for storing and sharing passwords among team members.
We offer TeamPassword, an easy-to-use password manager designed specifically for teams and small businesses. TeamPassword has apps for iOS and Android and browser extensions for Safari, Edge, and Chrome (and any Chromium-based browser like Brave).
As a password manager built for businesses, TeamPassword is featured accordingly. It has a credit card record type, attachment support, multiple permission levels, and activity reports so you can see suspicious activity.
Try TeamPassword for free today!