No, sharing passwords in Washington D.C. violates local and federal cybersecurity laws unless explicitly authorized by the account owner or employer policies, exposing parties to civil liability under the D.C. Computer Fraud and Abuse Act and potential criminal penalties under the CFAA.
Key Regulations for Sharing Passwords in Washington D.C.
- D.C. Computer Fraud and Abuse Act (D.C. Code § 22-1801 et seq.): Prohibits unauthorized access to computer systems, including password sharing that exceeds authorized use, with penalties up to $10,000 in fines and imprisonment for repeat offenses.
- Federal Computer Fraud and Abuse Act (18 U.S.C. § 1030): Criminalizes password sharing that facilitates unauthorized access to protected computers, particularly when done with intent to defraud or cause damage, as reinforced by recent 2026 DOJ enforcement guidance.
- Employer Policies & Industry Standards: The D.C. Office of the Chief Technology Officer (OCTO) mandates strict adherence to agency-specific cybersecurity protocols, where password sharing—even among employees—violates zero-trust architecture principles and may trigger disciplinary action or termination under D.C. Municipal Regulations.
Violations often escalate when shared credentials enable data breaches, as seen in 2025 cases prosecuted under D.C. Superior Court’s cybercrime docket, where plaintiffs successfully argued negligent password management under tort law. Organizations must enforce multi-factor authentication and role-based access controls to mitigate liability.