Hiring a Virtual Assistant means handing over tasks, tools – and sometimes, access to sensitive accounts. The question becomes, ‘how do you share passwords without compromising security or creating unnecessary risk’?
The security concerns rest on both sides of the aisle – whether you’re a business owner delegating the work or a VA receiving access. Here’s the good news. You can give someone access to your accounts without ever revealing the actual password. The key is using the right tools and protocols.
Why You Should Never Email Passwords
Let’s start with what not to do.
Sending passwords via email, chat, or spreadsheets is risky. These methods:
- Can be intercepted or hacked
- Leave a permanent trail
- Don’t allow for easy revocation or control
Instead, use password managers designed for secure sharing. These tools encrypt your credentials and allow you to grant access without revealing the actual password.
So, the next question becomes, ‘which tools are best for safely sharing access to passwords?’
Comparison of the top tools used by clients and VAs to share password access safely
| Tool | Best for | Key Features | Pros | Cons |
| LastPass | General use, Teams | Share access without revealing passwords, folder organisation, MFA | Easy to use, browser extension, free plan available | Interface can feel cluttered, occasional sync issues |
| 1Password | Teams and agencies | Shared vaults, granular permissions, strong encryption | Clean UI, excellent security, travel mode | No free plan, slightly higher cost |
| Dashlane | Solo users and small teams | Password sharing, dark web monitoring, VPN | All-in-one security features, intuitive design | Limited sharing options on free plan |
| Bitwarden | Privacy-conscious users | Open-source, encrypted sharing, vault access | Affordable, transparent, strong community support | UI less polished, setup may require tech comfort |
| Google Password Manager | Quick access for Google users | Autofill, sync across devices | Built-in for Chrome users, simple setup | Limited sharing features, not ideal for teams |
Most small businesses tend to use LastPass due to its easy to use interface. But as digital security is becoming a priority, you’ll see above why Bitwarden and Dashlane are becoming more popular.
Best Practices for Clients when Sharing Passwords
- Use a password manager: Choose one that allows “masked” sharing so your VA never sees the actual password.
- Enable two-factor authentication (2FA): This practice, while often can be viewed as a pain in the butt, adds a layer of protection even if credentials are compromised.
- Create role-specific access: Don’t give full admin rights to your VA unless absolutely necessary.
- Revoke access when roles change: Always remove credentials when a VA leaves or shifts responsibilities.
- Use role-based accounts when possible (e.g., VA@yourdomain.com).
- Avoid using personal accounts for business operations.
- Regularly audit shared credentials and remove unused access.
- Educate VAs on phishing, scam awareness, and secure login habits.
Best Practices for VAs
- Accept shared credentials via secure tools only
- Never store passwords in plain text or spreadsheets
- Use your own password manager to organise client access
- Immediately notify clients if you suspect a breach or login issue
- Log out of any applications when you are finished working on tasks/projects
- Do not share your work device (laptop, desktop, tablet, mobile, etc) with anyone else
The Benefits of Creating a Password Sharing SOP
By using secure password-sharing tools and following best practices, you protect your business, clients, and your reputation. We cannot stress how important it is to avoid shortcuts with these practices.
Here’s a simple SOP to securely share passwords with your Virtual Assistant.
Step 1: Identify Access Needs
- List all platforms the VA requires access to (e.g., email, CRM, website backend).
- Determine the level of access needed (admin, editor, viewer). Remember, don’t give full admin rights to your VA or other team members unless absolutely necessary.
- Avoid sharing master credentials unless absolutely necessary.
Step 2: Use a Password Manager
- Choose a secure password manager (e.g., LastPass, 1Password, Bitwarden).
- Create a shared vault or folder for VA access.
- Set permissions to restrict visibility or editing of sensitive credentials.
Step 3: Share Access Securely
- Use the password manager’s “share without revealing” feature when possible.
- Never send passwords via email, chat, or unencrypted documents.
- If temporary access is needed, set expiration dates or revoke access after task completion.
Step 4: Enable Two-Factor Authentication (2FA)
- Activate 2FA on all critical accounts.
- Use app-based authenticators (e.g., Authy, Google Authenticator) instead of SMS.
- If VA needs 2FA access, consider using shared device authentication or delegated access tools.
Step 5: Document Access in a Control Log
- Maintain a simple log with:
– Platform name
– Type of access
– Date shared
– Who has access
– Expiry or review date
- Review monthly and update as needed.
Step 6: Set Expectations in Onboarding
- Include password-sharing protocols in your VA onboarding guide.
- Clarify:
– What tools they’ll use
– How to request access
– What to do if locked out or suspicious activity occurs
Step 7: Revoke Access When Roles Change
- Immediately revoke access when a VA leaves or changes roles.
- Use the password manager’s revoke/share audit features.
- Rotate passwords for sensitive accounts if direct credentials were shared.
