When they say the share password, the only practical way is to copy the passwords and user name pair from xys to the other side. Since xys doesn't have the plaintext form of the password, the other side won't be able to obtain it also. The only way to find the plaintext is to use dictionary attack, and I don't think that is the case, since it will take rather long computational time.