Sharing your password with your supervisor isn’t safe, and here’s how to protect sensitive information in Get Covered Illinois

You can apply certain controls to protect information within Get Covered Illinois. Which of the following is NOT a recommended control?

• A. Changing your password often.
• B. Sharing your password with your supervisor.
• C. Taking security awareness training programs.
• D. Restricting access to systems that contain sensitive information.

Answer: (B)

Sharing your password with your supervisor is not a recommended control because it compromises the security and confidentiality of sensitive information. Passwords are intended to be secret and are a fundamental element of an individual’s security. When you share your password, you increase the risk of unauthorized access to your personal information and that of others. The principle of least privilege dictates that access to sensitive systems and data should be limited to only those who need it for their roles, and sharing passwords undermines this principle. On the other hand, changing your password often helps enhance security by reducing the window of opportunity for someone to misuse an old password. Participating in security awareness training programs equips individuals with the knowledge needed to identify and respond to security threats effectively. Restricting access to systems that contain sensitive information ensures that only authorized users can access that information, thereby protecting it from unauthorized access and potential breaches.

Security matters when you’re working with Get Covered Illinois (GCI). The data you handle—names, addresses, health coverage details, even financial information—needs protection just like a prized possession. When we talk about safety controls, it’s not about making things harder; it’s about keeping people’s information safe and trustworthy. Here’s a clear, friendly guide to how to think about these controls, why one of the common options isn’t a good idea, and what you can do instead to stay on the right side of security.

One quick reminder up front: among typical controls, sharing your password with your supervisor is not a good idea. It’s not a recommended measure because it undermines security. Let me explain why, and then we’ll walk through better choices that really do protect information.

Why password secrecy isn’t negotiable

Passwords are the keys to your digital door. They’re supposed to be personal, just like a PIN for your ATM card. When you share a password, you’re handing out a duplicate key. You can’t always predict what happens next—someone might forget to log out, their screen might lock, or their devices could be lost. The risk isn’t just about you; it’s about everyone whose data could be exposed if that password falls into the wrong hands.

The principle of least privilege is a useful compass here. It means people should access only what they need to do their job, nothing more. If a supervisor needs to perform a task, that access should be granted through proper channels, not by giving them your password. Shared passwords break the chain of accountability and make it harder to track who did what.

A practical look at the four controls you’ll hear about

A. Changing your password often

This one isn’t flashy, but it’s a reliable habit. Regular password changes reduce the window of opportunity for someone to misuse an old credential. It’s a simple, effective way to keep doors from staying unlocked for too long. The trick is to use strong, unique passwords each time and avoid reusing the same phrases across different sites or systems. A password manager can help here—think of it as a digital wallet that stores long, random strings so you don’t have to memorize them.

B. Sharing your password with your supervisor

Not a good idea. This approach sounds like a shortcut, but it creates a spiral of risk. If the supervisor’s account gets compromised, there’s a chain reaction that could affect multiple people’s data. It also makes it hard to know who accessed what and when. Instead, use formal access controls, approvals, and role-based access. If a task needs higher permission, the workflow should trigger a legitimate authorization step within the system.

C. Taking security awareness training programs

Knowledge is a powerful shield. Short, practical training sessions teach you to spot phishing emails, suspicious attachments, and social engineering tricks. They also cover how to handle sensitive information properly, how to report incidents, and what to do if you suspect a breach. Training isn’t a one-and-done thing; it’s a habit that keeps security top of mind. It’s also a way to learn the latest scams and defenses that evolve over time.

D. Restricting access to systems that contain sensitive information

Access control matters. When you limit who can see certain files or systems, you dramatically reduce the chance of a data leak. This is often implemented through role-based access, where permissions line up with a person’s job duties. It’s the practical counterpart to “least privilege.” If you don’t need access to a system to do your job, you shouldn’t have it.

Bringing it home with real-world habits

• Passwords that actually protect you

Strong passwords don’t rely on obvious patterns. They mix uppercase and lowercase letters, numbers, and symbols in a way that’s not easy to predict. Avoid using personal hints (like birthdays or pet names). Instead, craft passphrases: three or four random words with some numbers or symbols sprinkled in. If you use a password manager, you can create and store these big, unique strings securely. And turn on two-factor authentication whenever it’s offered. That extra step—your password plus a second proof of who you are—adds a robust layer of security.

• Training that sticks

Security awareness training should feel practical, not abstract. It helps you recognize a fake deadline email, a suspicious link, or someone calling about “account verification” who asks for sensitive information. It also covers how to report incidents so they can be contained quickly. Think of training as a safety net you weave into your daily routine—like checking your seatbelt before you start driving or locking the door when you leave.

• Access with care

When you’re assigned a task that needs more access, expect a formal process. You might need a supervisor’s sign-off, an approval in the system, or an alternate workflow that grants temporary access for a defined period. The goal isn’t to bog you down with red tape; it’s to keep sensitive data in the right hands at the right times. If you notice you have access you shouldn’t have, report it and get it corrected.

Weaving in some relatable tangents

Security sometimes feels like a maze. You lock your door at home, you lock your phone, but you still have to answer emails, use public Wi-Fi, and share documents with teammates. It’s not about perfection; it’s about sane, consistent habits. For instance, a quick habit you can adopt is to set a reminder to review your access rights every few months. You’ll be surprised how often permissions drift—someone changes roles, takes on a new project, or leaves the organization altogether. A quick audit can prevent a lot of headaches later.

If you’re curious about the tools people rely on, password managers like LastPass, 1Password, or Dashlane are popular choices in many workplaces. They aren’t a magical fix, but they do reduce the burden of remembering dozens of unique passwords. MFA is a close partner to that strategy; it’s like a second gate that makes it much harder for intruders to move around even if they somehow grab a password.

A few practical tips you can start today

• Keep devices secure: Use a screen lock with a short auto-lock timer. Enable device encryption if it’s available. If you ever lose a device, report it quickly so data can be protected.

• Be careful with sharing information: If a colleague asks for access, steer them toward the proper process. Don’t assume you know what’s best—follow the official channels.

• Treat sensitive data with care: Even within teams, limit what you email, print, or store on shared drives. When in doubt, ask a supervisor or your security contact for guidance.

• Stay curious, not paranoid: It’s normal to wonder about the “what ifs.” The point is to build confidence in your daily actions—habit beats worry, most days.

A steady rhythm for security

Security isn’t a one-off checklist; it’s a rhythm you build into daily work life. You change passwords on a schedule, you participate in short training modules, you review who has access to what, and you act quickly if something doesn’t look right. That cadence keeps data safer without turning your day into a maze of rules.

The bottom line

Sharing your password with your supervisor is not a recommended control. It breaks the essential rules of security, erodes accountability, and opens doors—sometimes literally—to risk. Strong passwords, regular changes, security training, and strict access controls form a practical trio that protects both individuals and the organization. When you mix these practices with a healthy dose of common sense, you’ll find you can work confidently, knowing you’ve done your part to keep information secure.

If you ever feel unsure about a security step, there’s no shame in asking for a quick clarification. A fast check-in with your security team or a trusted colleague can prevent a small mistake from turning into a bigger issue. After all, safe habits are contagious—in the best possible way.

In short: treat passwords like a personal key, respect access boundaries, and stay curious about security. It’s not just about protecting data; it’s about sustaining trust with every person Get Covered Illinois serves. And that trust—built one careful action at a time—is worth the effort.