
GUIDANCE FOR YOUR FUTURE

Advice from TECHguy: Think Carefully Before Sharing Your Login Credentials

As TECHguy, I want to share some practical advice based on how I secure my own accounts and what I see regularly cause problems for customers.

I protect my accounts using YubiKeys, and I always use two keys: one primary key for daily use and one backup key stored securely. This setup ensures strong protection against phishing and account takeover while avoiding lockouts.

Most importantly, it enforces a non-negotiable rule: I never give my login credentials to anyone.

This is why I want to address a common support practice that customers should approach with caution.

Being Asked to Share Logins for Support Tasks

Some services, including Systeme.io, advise customers to share their login credentials with support staff so they can configure things like DNS settings. While this may sound convenient, it introduces unnecessary risk for the customer.

When you give someone your login:

  • They act under your identity

  • You lose accountability and audit clarity

  • Your credentials are exposed beyond your control

  • Your security setup, including hardware keys, is effectively bypassed

Even if support staff are trusted, this approach does not align with modern security best practices.

Why This Undermines Hardware Security Keys

Hardware security keys like YubiKey exist specifically to prevent credential sharing and phishing. They require physical possession and cannot be copied or sent remotely.

If a platform requires you to share your login, it negates the protection that hardware-based authentication provides. That is not a customer failure—it is a platform design limitation.

How Customers Can Minimize Risk

If you are ever in a situation where support access is requested, consider the following steps to reduce exposure:

  • Do not share your primary administrator account
    Especially avoid accounts tied to billing, domains, or security settings.

  • Ask for alternatives
    DNS changes are usually performed at your domain registrar or DNS provider without giving application access.

  • Use limited or temporary access if available
    Grant the minimum permissions required and remove access immediately afterward.

  • Rotate credentials after support work
    Change passwords and revalidate authentication methods once the task is complete.

  • Document everything
    Keep records of what was changed and when.
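One way to document a DNS change is to compare zone snapshots taken before and after the support work. The sketch below is an added example, not part of the original post. It assumes the snapshots were saved in `dig +noall +answer` layout, and the `example.com` names, addresses and function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample snapshots in `dig +noall +answer` layout: name TTL class type rdata.
# The example.com names and 192.0.2.x address are placeholders, not values from the post.
BEFORE = """\
example.com.      3600 IN A     192.0.2.10
www.example.com.  3600 IN CNAME example.com.
example.com.      3600 IN MX    10 mail.example.com.
example.com.      3600 IN TXT   "v=spf1 include:_spf.example.net -all"
"""
AFTER = """\
example.com.      3600 IN A     192.0.2.10
www.example.com.  300  IN CNAME pages.vendor.example.
example.com.      3600 IN MX    10 mail.example.com.
example.com.      3600 IN TXT   "v=spf1 include:_spf.example.net -all"
shop.example.com. 300  IN CNAME pages.vendor.example.
"""

def parse_snapshot(text):
    """Return {(name, type): set of rdata}; TTLs are ignored so only real changes show."""
    records = {}
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 5 or line.lstrip().startswith(";"):
            continue  # skip blank lines, dig comments and incomplete rows
        name, _ttl, _cls, rtype, rdata = parts
        records.setdefault((name.lower(), rtype.upper()), set()).add(rdata)
    return records

def diff_snapshots(before, after):
    """List (kind, name, type, old_rdata, new_rdata) for every record set that differs."""
    old, new = parse_snapshot(before), parse_snapshot(after)
    changes = []
    for key in sorted(old.keys() | new.keys()):
        was, now = old.get(key, set()), new.get(key, set())
        if was == now:
            continue
        kind = "ADDED" if not was else "REMOVED" if not now else "CHANGED"
        changes.append((kind, key[0], key[1], sorted(was), sorted(now)))
    return changes

def change_log(before, after, when=None):
    """Format the diff as timestamped lines suitable for a change record."""
    stamp = (when or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return [f"{stamp} {k} {n} {t}: {w} -> {x}" for k, n, t, w, x in diff_snapshots(before, after)]
```

Any line in the log that was not part of the agreed task, such as a changed MX or TXT record, is the thing to raise with support.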

Final Advice

Security tools like YubiKeys are only effective when supported by good processes. Sharing login credentials creates blind spots and weakens your security posture. Convenience should never outweigh control.

If a service requires credential sharing to function or provide support, proceed carefully and limit your risk as much as possible.

TECHguy

Located in the Swedish part of Finland - Available World-Wide


TECHguy is a brand operated by
Ab Söderholms IT-tjänster Oy.

Registered in Finland