But my company provides us with several sites that uses shared login details between several partners and some of the sites are unfortunately not encrypted.
Are those internal sites only?
Or accessed via the internet? I could not understand such a situation.
Is there no IT administration or similar ? I can't imagine they approve that.
TLS certificates are for free. There is not a single reason to not use them, especially when handling sensitive information.