How to stop sharing a YouTube password with an editor or agency
A practical step-by-step for moving every editor and agency off your shared login and onto their own role — without losing a day of work.
Stopping password sharing is a one-time migration, not an ongoing negotiation. You invite each person to the channel with their own Google Account, confirm they can do everything they need, then change the password and lock down 2FA. The whole transition takes under an hour for most channels.
If your situation is actually …
- You haven't moved to a Brand Account yet → Move a personal channel to a Brand Account →
- You want to understand what went wrong before fixing it → Why password sharing is dangerous →
Before you start
Before you start, confirm these are in place.
You know whether your channel is on a Brand Account
Channel permissions work in YouTube Studio on every channel — personal Google Account or Brand Account. What a Brand Account adds is shared ownership (a backup owner, ownership transfer), not the ability to share access.
Verify: Open studio.youtube.com → Settings → Permissions to invite people either way. To check ownership, go to myaccount.google.com/brandaccounts — a Brand Account is what lets you add a second owner.
You have the exact Google Account email for each collaborator
YouTube sends the invite to a specific Google Account. Gmail plus-aliases (name+tag@gmail.com) do not work — use the plain login address.
Verify: Ask each editor or agency contact to share the email they sign into Google with.
You know which role each person actually needs
Most editors need Editor or Editor (limited) — not Manager. Agencies rarely need Manager unless they run campaigns or manage monetization.
Verify: Review the role list in YouTube Studio → Settings → Permissions to understand capabilities before sending invites.
Move everyone off the shared login
Work through this in one session so nobody loses access mid-project. Invite first, confirm access works, then change the password.
Write down everyone who uses the shared login
Make a short list of every person or team who currently signs in with the shared password. Include agencies, freelance editors, assistants, and any third-party tools that use the credentials directly.
Confirm: You have a complete list before sending any invites.
Invite each person by role
In YouTube Studio, go to Settings → Permissions and send an invite to each person's Google Account. Choose the narrowest role that covers their work — Editor for video uploads, Editor (limited) if they don't need to see revenue, Viewer (limited) for analytics-only access.
Where: studio.youtube.com → Settings → Permissions
Confirm: Each invite shows as pending in the Permissions list.
If this fails: Invite not received
Ask each collaborator to accept the invite
The invite email goes to their Google Account inbox. They must click the link to activate access. Invites expire after about 30 days if not accepted, so follow up within a day or two.
Confirm: Each person's status in Permissions changes from "Pending" to their role name.
If this fails: Accepted invite but still no access
Confirm each person can do their actual work
Before touching the password, verify each collaborator can reach the channel in YouTube Studio under their own account. A quick check call or a test upload confirm that nothing is broken.
Confirm: Every collaborator on your list can access the channel under their own Google Account.
Change the account password
Once everyone has confirmed access, change the Google Account password for the channel owner account. This immediately locks out anyone still using the old shared credentials.
Where: myaccount.google.com/security → Password
Confirm: The old password no longer works. Existing role grants are unaffected — they are tied to individual Google Accounts, not the password.
Re-enable or strengthen 2-Step Verification
Password sharing often means 2FA was turned off or bypassed. Re-enable it on the owner account now. Use an authenticator app or a hardware key rather than SMS if possible.
Where: myaccount.google.com/security → 2-Step Verification
Confirm: 2FA is active and only the account owner can complete sign-in.
Revoke any tools that used the shared credentials
If a scheduling tool, analytics service, or automation used the password directly, disconnect and reconnect it using its OAuth flow — it should authorise via your Google Account without needing a password. Check the connected apps list to catch anything you missed.
Where: myaccount.google.com/permissions
Confirm: No third-party service still holds the old password. All connections use OAuth tokens tied to the owner account.
If this fails: Third-party tool cannot connect
Which role to give
Picking the right role is the most important decision in this migration. The table below covers what each role can and cannot do on YouTube.
| Role | Where it lives | Can do | Cannot do |
|---|---|---|---|
Owner Can delegate to others | Google Account / Brand Account owners listEntire channel and its Google account |
| — ⚠ Only assign to long-term, trusted principals. Removing an owner requires Brand Account governance. |
Manager Can delegate to others | YouTube Studio → Settings → PermissionsChannel-wide |
| — ⚠ Managers can invite new users — equivalent to delegating delegation. |
Editor | YouTube Studio → Settings → PermissionsChannel content |
|
|
Editor (Limited) | YouTube Studio → Settings → PermissionsChannel content excluding revenue |
|
|
Viewer | YouTube Studio → Settings → PermissionsRead-only |
|
|
Viewer (Limited) | YouTube Studio → Settings → PermissionsRead-only, no revenue |
|
|
Subtitle Editor | YouTube Studio → Settings → PermissionsSubtitles and captions only |
|
|
When in doubt, start narrower. You can always upgrade a role — but you can't undo what someone did with permissions they shouldn't have had.
Common questions
Keep it clean long-term
Access that isn't written down gets forgotten — and forgotten access is how channels get compromised
Once you've done this migration, the risk comes back the next time someone joins and the process isn't followed. A regular audit of who has what role keeps the list accurate and makes offboarding fast.