By Diane Cooke
Nadine Dorries — a British parliamentarian and fiction writer— proudly announced that she shares her email with her staff — including interns.
She was talking about Damian Green, the Conservative politician who is currently in hot water over allegations he accessed pornography on his government-issued computer. Dorries argued that just because literally thousands of pornographic thumbnails were discovered on his computer doesn’t mean that he’s guilty.
This is startling because it suggests that credential sharing is a common practice in parliament. And indeed, other MPs chimed in to say that they too shared their log-in details with their employees.
According to SureCloud password sharing is about the worst IT faux pas anyone can make and in terms of government departments with highly sensitive material, potentially disastrous.
Its website states: "It’s absolutely critical that you and all staff are very much encouraged to set unique passwords for all systems and never share passwords used in your ‘personal life’ with any work system (including website logins). There are numerous free and cost effective password managers available, which can help your organisation manage this process. Ultimately, it’s a user education process. Our guidance is to highlight the real threat of password sharing. As ever, users are the weakest link in the security chain but it’s these users that are often your first line of defence. Let’s get them on side here and ensure that we are all working towards better security practice."
The UK's data privacy regulator has now cautioned MPs about sharing work computer passwords.
Sharing passwords is not a breach of the UK's Data Protection Act.
But the law says that "appropriate" security measures concerning personal data must be in place and that those with access must be properly vetted.
"We're aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities," the Information Commissioner's Office said in a tweet of its own.
"We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure."
It added a link to a guide outlining the types of safety measures that should be enforced.